Remember when supply chain attacks primarily targeted on-premises or hybrid environments? Think SolarWinds in 2020, where SVR-attributed actors injected SUNBURST malware into the Orion build process, impacting thousands of organizations. Or the Okta support systems breach in 2023, a multi-layered attack combining social engineering and token theft that led to a massive customer data exposure.
While those were significant, things have changed. Notably, in September 2025, researchers at Palo Alto Networks demonstrated a new AI supply chain attack method called "Model Namespace Reuse" that allows attackers to register names associated with deleted or transferred models on platforms like Hugging Face, enabling them to deploy malicious AI models and achieve arbitrary code execution. The attack was successfully demonstrated against Google's Vertex AI and Microsoft's Azure AI Foundry, and thousands of open-source repositories were found to be susceptible. Today's risk and threat landscape is increasingly focused on cloud-native software supply chains that demand a more modern security stance.
Recent Incidents: A Wake-Up Call for Cloud-Native Security
Let's look at some recent examples:
- Nx Build System Compromise (August 2025): Unidentified threat actors managed to compromise the popular Nx build system package with data-stealing malware. Malicious versions of Nx and some supporting plugins were published. The malicious versions were only live for about five hours, but in that time they impacted more than 1,000 developers and exposed around 20,000 sensitive files. This incident is especially novel because it's the first documented instance of malware weaponizing AI Command Line Interface (CLI) tools for reconnaissance and data exfiltration.
- UNC6395 Campaign (August 2025): Around the same time, the Google Threat Intelligence Group reported on UNC6395 conducting a widespread data theft campaign. Their target was Salesforce customer instances, accessed through compromised OAuth tokens associated with the Salesloft Drift AI chat agent and other integrations. This highlights the critical need for rigorous vetting of third-party integrations and robust OAuth security, especially when non-human identities are involved. See Salesloft’s advisory for more details.
- Cloudflare Source Code Breach (Late 2023): Threat actors used leaked credentials to access Cloudflare's systems, including their Bitbucket source code management. Cloudflare hadn't rotated one service token and three service account credentials, which then gave the attackers an open door. This reminds us of the cascading risk of credential compromise across interconnected cloud services and the necessity of strict credential rotation policies.
These incidents collectively paint a picture of evolving vulnerabilities in the cloud-native software supply chain. They expose how attackers are exploiting the very trust relationships and automated processes that underpin modern cloud use. The consequence can be widespread data breaches, intellectual property compromise, and significant operational disruptions – things no security team wants to deal with.
Bolstering Your Cloud Defenses
So what should you do? For cloud users, there are specific, powerful security approaches and features you should be leveraging:
Non-Human Identity and OAuth Security
- Lock down private keys. Store them in highly secure, independent locations like Cloud Key Management Service (Cloud KMS) to prevent credential leakage.
- Be strict with OAuth and monitor. Implement stringent application permissions, always requiring admin consent for external applications. Use Cloud Logging in Google Cloud, or the equivalent in your chosen cloud, and continuously review the logs for anomalous app registrations or suspicious token usage.
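As an added illustration of the monitoring described above (not code from the original post), the following detection logic runs over a handful of constructed audit records and flags three of the signals worth alerting on: an app registered without admin consent, a token exercising a scope its app was never approved for, and a token being replayed from more source addresses than a single integration should have. The record field names and the approved-scope table are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample audit records, not real Google Cloud Logging output; the
# field names and the APPROVED_SCOPES table are assumptions for this example.
APPROVED_SCOPES = {"approved-ci-bot": {"repo.read"}, "drift-chat": {"contacts.read"}}

SAMPLE_LOGS = [
    {"event": "oauth.app_registered", "actor": "dev@example.com", "app": "sync-helper", "admin_consent": False},
    {"event": "oauth.app_registered", "actor": "admin@example.com", "app": "approved-ci-bot", "admin_consent": True},
    {"event": "oauth.token_used", "token_id": "tok-ci", "app": "approved-ci-bot", "src_ip": "203.0.113.10", "scope": "repo.read"},
    {"event": "oauth.token_used", "token_id": "tok-ci", "app": "approved-ci-bot", "src_ip": "203.0.113.10", "scope": "repo.read"},
    {"event": "oauth.token_used", "token_id": "tok-drift", "app": "drift-chat", "src_ip": "198.51.100.7", "scope": "contacts.read"},
    {"event": "oauth.token_used", "token_id": "tok-drift", "app": "drift-chat", "src_ip": "192.0.2.44", "scope": "contacts.read"},
    {"event": "oauth.token_used", "token_id": "tok-drift", "app": "drift-chat", "src_ip": "192.0.2.45", "scope": "data.export"},
]


def find_oauth_anomalies(logs, approved_scopes=APPROVED_SCOPES, max_ips_per_token=2):
    """Return a list of (reason, app_or_token_id) findings, in log order.

    Rules: (1) any app registration lacking admin consent; (2) a token used with a
    scope outside its app's approved set; (3) one token seen from more than
    max_ips_per_token distinct source IPs (reported once per token).
    """
    ips_seen = defaultdict(set)   # token_id -> set of source IPs observed
    spread_flagged = set()        # tokens already reported under rule 3
    findings = []
    for rec in logs:
        if rec["event"] == "oauth.app_registered" and not rec.get("admin_consent", False):
            findings.append(("app registered without admin consent", rec["app"]))
        elif rec["event"] == "oauth.token_used":
            tok, app = rec["token_id"], rec["app"]
            if rec["scope"] not in approved_scopes.get(app, set()):
                findings.append(("token used with unapproved scope " + rec["scope"], tok))
            ips_seen[tok].add(rec["src_ip"])
            if len(ips_seen[tok]) > max_ips_per_token and tok not in spread_flagged:
                spread_flagged.add(tok)
                findings.append(("token used from too many source IPs", tok))
    return findings


if __name__ == "__main__":
    for reason, subject in find_oauth_anomalies(SAMPLE_LOGS):
        print(f"ALERT: {reason}: {subject}")
```

In a real pipeline the same rules would run over exported audit logs with the approved-scope table generated from your actual consent records, and the IP threshold tuned per integration.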
Secure Development Environments
- Managed workstations are your friends. Google Cloud offers Cloud Workstations that come with built-in security best practices like VPC Service Controls and IAM access policies, drastically reducing the risk of insecure developer workstations. Other providers have similar offerings, or you can use third-party, provider-agnostic solutions to help secure development environments.
CI/CD Pipeline Hardening
- Use Supply-chain Levels for Software Artifacts (SLSA), a provider-agnostic framework originally developed by Google that is now managed by the Open Source Security Foundation (OpenSSF). Aim for SLSA Level 3 assurance builds with Google Cloud Build. Achieving SLSA Level 3 involves implementing controls like ephemeral build environments and strict access controls, which can be done on any cloud using its native CI/CD tools or third-party tools (e.g., Jenkins or GitHub Actions).
Artifact and Dependency Security
- Proactively scanning artifacts and managing dependencies are essential, regardless of your chosen cloud. In Google Cloud, leverage Artifact Registry with Container Analysis for proactive, automated vulnerability scanning of container images and language packages. Integrate Assured Open Source Software (Assured OSS) to use Google-curated and tested OSS packages, mitigating risks from vulnerable third-party dependencies.
Deployment Enforcement
- Enforce a policy that only allows verified, signed, and attested images to run in a containerized environment. Binary Authorization is your Google Cloud-specific gatekeeper tool. Implement this deploy-time security control to ensure that only trusted, attested, and SLSA-compliant container images are deployed on Google Kubernetes Engine or Cloud Run.
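To make the SLSA provenance and deploy-time enforcement points concrete, here is an added example (not Binary Authorization's code or any project's own) of the checks a deploy-time gate performs on a SLSA v1 provenance statement: the subject digest must match the image being admitted, and the builder identity must be on a trust list representing your hardened build platform. The builder identity, source URI and image bytes are constructed placeholders, and signature verification of the surrounding DSSE envelope, which a real gate such as Binary Authorization performs against attestor keys, is assumed to have happened before this function is called.

```python
import hashlib
import json

# Hypothetical trusted builder identity standing in for a hardened, ephemeral
# build service (e.g., the Cloud Build builder). Constructed value for this example.
TRUSTED_BUILDERS = {"https://example.com/builders/hardened-ci/v1"}
SLSA_V1 = "https://slsa.dev/provenance/v1"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_provenance(artifact: bytes, builder_id: str, source_uri: str) -> str:
    """Produce a minimal in-toto Statement carrying SLSA v1 provenance for artifact.

    A real build platform emits this (signed); we construct it here only so the
    gate below has something realistic to verify.
    """
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "app-image", "digest": {"sha256": sha256_hex(artifact)}}],
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {"resolvedDependencies": [{"uri": source_uri}]},
            "runDetails": {"builder": {"id": builder_id}},
        },
    }
    return json.dumps(statement)


def admit_image(artifact: bytes, provenance_json: str, trusted=TRUSTED_BUILDERS):
    """Deploy-time gate: return (allowed, reason) for an image and its provenance.

    Assumes the envelope signature was already verified; this checks the claims.
    """
    stmt = json.loads(provenance_json)
    if stmt.get("predicateType") != SLSA_V1:
        return False, "unexpected predicate type"
    digests = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if sha256_hex(artifact) not in digests:
        return False, "provenance subject does not match image digest"
    builder = stmt.get("predicate", {}).get("runDetails", {}).get("builder", {}).get("id")
    if builder not in trusted:
        return False, f"untrusted builder {builder!r}"
    return True, "ok"


if __name__ == "__main__":
    image = b"constructed image bytes"  # stands in for the container image content
    prov = make_provenance(image, "https://example.com/builders/hardened-ci/v1", "git+https://example.com/repo@main")
    print(admit_image(image, prov))
```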
Chrome Web Store Security (for extension developers)
- If you're developing extensions for Google's Chrome Web Store, opt in to the Verified CRX Upload feature. As mentioned in the H2 2025 Google Cloud Threat Horizons Report, this cryptographically links your secure build environment directly to the Web Store, preventing malicious updates even if your account is compromised.
Centralized Security Management
- Centralized visibility is a critical requirement for a strong security posture. Google's specific security management platform is the Security Command Center (SCC), and other clouds offer equivalents. SCC provides centralized visibility, continuous resource discovery, and real-time alerts for threats and misconfigurations across your entire Google Cloud environment. Notably, Google announced in August 2025 that SCC's AI Protection solution now offers robust protections for AI agents.
Your Next Steps for Cloud-Native Supply Chain Security
Understanding these emerging threats is the first step. To dive deeper into specific implementations and strengthen your defenses, explore Google Cloud's comprehensive resources on supply chain security and identity protection and stay informed of the latest cloud threat intelligence.