[DigitalToday reporter Hwang Chi-kyu] Application security company Sparrow held its annual customer event, 'SAI 2026 (Sparrow Application Insight 2026)', at Nine Tree Premier ROKAUS Hotel Seoul Yongsan on June 11. The event assessed security threats facing the latest development environments, centered on open source and AI coding, and shared response measures.
Lee Man-hee (이만희), chair of the Supply Chain Security Research Association, delivered an invited lecture on 'the changing supply chain security environment and corporate response strategies'. He reviewed recent, rapidly shifting trends in global supply chain regulations and introduced the diversified attack surfaces and latest supply chain threats driven by technological advances.
He also shared the characteristics and implications of the latest AI models, including Claude Mythos. He said that gaining security visibility and building an automated security testing system across the entire development lifecycle are essential, as advances in AI technology have sharply accelerated the pace of vulnerability discovery.
Sparrow CEO Jang Il-soo (장일수) pointed to management limitations such as lack of visibility, license risks and delays in responding to vulnerabilities, as code generation through generative AI and the use of numerous open-source packages become intertwined. "To address this, we need to expand the management scope of SBOM (software bill of materials) so that even AI models and AI-generated code can be tracked transparently," he said. "We should also add digital signatures to generated SBOMs to verify integrity and build a trusted supply chain security ecosystem by visualising suppliers and buyers that exchange SBOMs," he added.
Later sessions introduced strategies for adopting software development security in AI development environments, an overview of Sparrow's core roadmap, and patterns and reasons behind development security incidents based on real cases.
In a presentation titled 'security threats and response measures for generative AI coding', Sparrow said the development environment is changing rapidly with the spread of vibe coding, but that generative AI can produce unsafe code. As a solution, it proposed 'Sparrow MCP (Model Context Protocol)', which performs security verification from the point of code generation. The company said that with Sparrow MCP developers can keep their existing development workflow while securing code safety.
Sparrow plans to formally launch Sparrow MCP, unveiled at SAI 2026, soon. It said the strategy is to help customers minimise security gaps and build a safe and reliable software supply chain even in a rapidly changing AI development environment.