Supply Chain Attacks Just Went Autonomous: The SANDWORM_MODE Wake-Up Call
Nineteen malicious npm packages. Four AI coding tools. Rogue MCP servers injected silently into agent configurations. SANDWORM_MODE is the first documented autonomous supply chain attack targeting AI developer toolchains — and it exposes a structural vulnerability that identity alone cannot fix.