RSAC 2026 Day 1: 3 Supply-Chain Patterns India SMBs Should Act On This Week

RSA Conference 2026 opened at Moscone Center on March 23, 2026, with 570+ sessions, 700+ speakers and 31 tracks. Three threads dominate this year's hallway conversations: agentic AI, the offence-defence asymmetry, and supply-chain security under regulatory pressure ([SECURITY.COM, RSAC 2026 Forecasts](https://www.security.com/expert-perspectives/rsac-2026-forecasts)). If you run a 20-200-person Indian firm, here's what to take away — not the marketing-deck version, the version you can ship by Friday. ## TL;DR — what you should do this week If your team uses npm, pip, or any open-source registry: pin your dependencies to known-good versions, enable two-factor on the maintainer accounts you publish from, and add a one-line CI check that fails on unexpected post-install scripts. That covers the same attack class that hit Axios on March 31, five days after this conference closed ([Google Cloud Threat Intel](https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package)). ## Why this matters now Supply-chain attacks are no longer an "advanced threat" — they're the default. Between March 16 and 26, 2026, the Ericsson US breach (via a compromised third-party) and the broader npm ecosystem compromises set the backdrop for RSAC. A Symantec presenter warned at RSAC that supply-chain compromise is too rich an opportunity for attackers to ignore — and the Axios attack landed five days later ([Help Net Security](https://www.helpnetsecurity.com/2026/04/01/north-korean-hackers-linked-to-axios-npm-supply-chain-compromise/)). ## The three patterns dominating RSAC 2026 briefings Read the agenda and the same three attack patterns appear in 40+ sessions across the OWASP GenAI Security Summit, the Coalition for Secure AI (CoSAI) workstreams, and the SANS "Five Most Dangerous New Attack Techniques" briefing. ## The cheap-but-effective mitigations a small Indian firm can apply You don't need a SOAR platform or a six-figure SIEM. You need three controls, none of which cost more than a few hours of engineering time. ### Pattern 1 mitigation: pin and verify your packages Open your repo's package.json. If you see "axios": "^1.14.0" or "axios": "*", you are exposed. The caret tells npm to auto-upgrade to any 1.x version on the next npm install — including 1.14.1, the compromised release. Fix it now:

{
    "dependencies": {
      "axios": "1.13.2"
    },
    "overrides": {
      "axios": "1.13.2"
    }
  }
  

Then commit your package-lock.json. Run npm ci (not npm install) in CI — ci fails if the lockfile and package.json disagree, which catches a maintainer-account takeover. ### Pattern 2 mitigation: enable 2FA on every npm/PyPI account you publish from If anyone on your team publishes packages, log into npm right now (npmjs.com → Account Settings → 2FA → Authentication and writes). Pick "Authentication and writes", not just "Authentication". This forces a second factor for every npm publish and every package access change. The Axios compromise started with a maintainer email being changed to ifstap@proton.me — 2FA on writes would have stopped it. ### Pattern 3 mitigation: a 4-line CI check that catches install-time payloads Add to .github/workflows/security.yml:

- name: Block install scripts
    run: npm install --ignore-scripts && npm test
  

The --ignore-scripts flag prevents postinstall and preinstall hooks from running. 80% of npm malware lives in those hooks. Add a separate, gated step that runs scripts only for packages you explicitly trust. ## A comparison: what RSAC 2025 said vs. RSAC 2026 | Theme | RSAC 2025 framing | RSAC 2026 framing | What changed | |---|---|---|---| | AI in security | "Augment the analyst" | "Agentic, autonomous, partner the analyst" | LLMs now run tools, not just summarise alerts | | Supply chain | "SBOM is best practice" | "SBOM is regulatory" | EU CRA + US EO 14028 enforcement | | Identity | "MFA everywhere" | "MFA isn't enough — session theft and OAuth abuse" | Adversary-in-the-middle phishing kits commodified | | Cloud | "Misconfig is the #1 risk" | "Lateral movement and IAM blast radius" | Cloud breaches now measured in tenants, not buckets | ## The action list — copy this into a Jira ticket today

• Audit every package.json and requirements.txt in your repos. Replace caret/tilde ranges with exact versions for production dependencies.
• Enable 2FA "Authentication and writes" on every npm, PyPI, GitHub, and Docker Hub account that publishes artifacts.
• Add npm install --ignore-scripts to your CI build step. Whitelist scripts only for the 5-10 packages that truly need them.
• Generate an SBOM with Syft or CycloneDX on every build. Store it as a CI artifact for 90 days minimum.
• Inventory every MCP server your team's AI tools connect to. Treat each as a privileged tool — give it a service account, not a personal token.
• Rotate any long-lived API keys older than 90 days. Move to short-lived OAuth where possible.
• Run a tabletop: "what do we do if our most-used npm dependency ships malware tomorrow?" 30 minutes, no slides, just the team.

## What the Indian-context wrinkle adds Two things every Indian SMB CTO should hold in mind. First, your developers ship from coffee shops, college hostels, and shared Wi-Fi — session theft is more likely here than at a Fortune 500. Push hardware security keys (YubiKey 5C NFC, ~₹4,500) for anyone with prod access. Second, your auditors will start asking about SBOMs in 2026 under DPDP-adjacent guidance — getting Syft into CI now means you're ahead of the audit, not chasing it. ## What we picked up watching the keynotes from Bengaluru Three under-discussed sessions worth your time. First: the Coalition for Secure AI's "Securing MCP" workstream, presented with Anthropic Deputy CISO Jason Clinton — an honest catalogue of attack patterns against Model Context Protocol servers, ahead of where most SOC playbooks are. Second: Cisco's Jeetu Patel keynote on "Reimagining Security for the Agentic Workforce" — useful framing for how identity has to evolve when the "user" is a non-human agent that sometimes hallucinates which tool to call. Third: Minimus's open-source program offering hardened container images and SBOM generation — a free option for Indian SMBs that don't want to commit to Snyk's enterprise pricing. ## A debate we'd like to see settled RSAC 2026 spent a lot of breath on "agentic AI as the new SOC analyst" — but skipped the harder question: what happens when the agent is wrong? OWASP's GenAI Security Summit had a few sessions touching this (the FinBot CTF was fun), but the actionable guidance is still 12-18 months away. Until then, our recommendation: any agent that takes irreversible actions in your environment runs with a human-in-the-loop checkpoint, full stop. Agents reading and summarising data: fine, supervise weekly. Agents writing config, deploying code, or moving money: every action needs a human approve before execution. ## Real example — what we shipped for a Bengaluru fintech client A 35-person lending startup in Indiranagar asked us for a 2-hour security posture review after RSAC. We found three things in their main Node.js service: 47 dependencies with version-range pinning (could auto-upgrade), 2FA disabled on their npm publish account, and postinstall scripts enabled across the board. Total fix time: 4 working hours. Cost to them: ₹18,000. The hardest part wasn't the technical work — it was getting the lead engineer to commit package-lock.json to git (he had it in .gitignore, a habit from an old monorepo). For our founder's longer take on supply-chain risk in the Indian SMB context — including a couple of incidents we can't name publicly — see [Vivek Singh's blog on cybersecurity for fast-moving teams](https://viveksinra.com/blog). ## FAQ ### What is the most important takeaway from RSAC 2026 for a small Indian SMB? Pin your dependencies and enable 2FA on every package-publishing account. These two controls cost you 4 hours and zero rupees. They would have stopped the Axios npm compromise that hit on March 31, 2026 — five days after RSAC closed. ### Do I need an SBOM in 2026 if I'm not selling to the US government? Yes, if you sell B2B software anywhere. EU buyers under the Cyber Resilience Act will ask for SBOMs starting late 2026. Indian banks under RBI's third-party risk circulars are starting to ask too. Use Syft (free, open-source) and you'll be ready. ### What's an MCP server and why does RSAC care? Model Context Protocol is the spec that lets LLMs call tools — file systems, databases, APIs. CoSAI's RSAC session showed that MCP servers are exposed without identity boundaries: any agent can call any tool, with whatever privileges the server has. Treat MCP servers like privileged service accounts. ### How do I know if an npm package I depend on was compromised? Run npm audit daily in CI. Subscribe to GitHub Advisory Database email alerts for your top 10 dependencies. For the Axios case specifically, check your lockfile — if it shows axios 1.14.1 or 0.30.4, you shipped the backdoor. Roll back to 1.13.2 and rotate any secrets accessed from that build. ### Is RSAC worth the trip for an Indian CTO? If you go for the booths, no. If you go for the briefings and the 7am hallway conversations, sometimes. The full recordings come out two weeks later — most CTOs we know watch from Bengaluru with a notebook open and get 80% of the value for ₹0. ### What should I do about agentic AI risks specifically? Inventory every agent your team has deployed (Claude in Cursor, internal LangChain pipelines, n8n with AI nodes). For each, ask: what credentials does it hold? What tools can it call? What's the blast radius if its instruction window is poisoned? If you can't answer those three questions in 60 seconds, you have an agentic-AI risk problem worth budgeting for. ### How fast can the Adobe-style "vendor compromise" attack land on an Indian SMB? The Adobe breach two weeks after RSAC took one phishing email and one RAT install on a BPO agent's laptop — total dwell time before exfil was reportedly hours, not days ([SecurityOnline](https://securityonline.info/adobe-data-breach-mr-raccoon-bpo-supply-chain-leak/)). If your firm uses any outsourced support, accounting, or QA vendor with prod access, that's your same exposure.