In March 2026, Axios—one of npm’s most-used HTTP clients with 100 million weekly downloads and running in 80% of cloud environments—became a malware delivery vehicle for three hours after attackers hijacked a maintainer’s account. During those three hours, tens of thousands of organizations were infected. Every one of them had SBOMs. The SBOMs didn’t help.
This single incident exposes what the data has been screaming for months: SBOMs became compliance checkboxes while supply chain attacks surged. Open-source malware detections jumped 73% in 2025 compared to 2024, with over 10,000 malicious packages discovered—most on npm, where malicious activity more than doubled. This surge happened during peak SBOM adoption following the 2021 Executive Order 14028 and 2025 CISA guidance updates. If SBOMs were working as security controls, we’d see the opposite trend.
March 2026: Five Attacks in Twelve Days Broke Open-Source Trust
Between March 19 and March 31, 2026, five major open-source projects fell in rapid succession: Aqua Security’s Trivy scanner (100,000+ users), the Axios HTTP client (100 million weekly downloads), Checkmarx’s AST GitHub Actions, the LiteLLM AI proxy, and the Telnyx communications library. This wasn’t random—attackers deliberately targeted popular, actively maintained projects with massive reach.
The Trivy compromise was particularly ironic. A vulnerability scanner designed to detect security issues became the attack vector for stealing CI/CD secrets. Attackers exploited a misconfiguration in Trivy’s GitHub Actions environment, extracted a privileged access token, and published malicious versions that infected thousands of CI/CD pipelines. When Trivy’s team rotated credentials, they missed some—allowing attackers to maintain access.
Axios fell twelve days later. Google’s Threat Intelligence Group attributed the attack to a suspected North Korean APT group (UNC1069). The malware was live for three hours. In that window, with 100 million weekly downloads and presence in 80% of cloud environments, tens of thousands of organizations pulled infected versions into production.
These weren’t fringe projects maintained by hobbyists. Trivy is embedded in enterprise CI/CD pipelines. Axios powers critical infrastructure. If they can be compromised, anyone can.
Why SBOMs Failed: The Compliance Checkbox Problem
The issue isn’t that SBOMs don’t exist—it’s that they’re generated as compliance artifacts rather than security controls. Most companies produce SBOMs at build time as the last step in a process, creating snapshots that miss components added during packaging or integration, become stale the moment they’re generated, and don’t reflect what’s actually running in production.
Even businesses with mature development practices generate incomplete SBOMs because many open-source projects haven’t generated SBOMs for their own software. Traditional build-based SBOM tools fail to detect components added during OEM supply or packaging. What gets deployed doesn’t match what the SBOM says.
But incompleteness isn’t the real killer. It’s what happens after generation.
The Decision Clarity Gap: Having Data Without Knowing What to Do
As security researcher Devashri Datta puts it: “Software supply chain security isn’t suffering from a lack of data; it’s suffering from a lack of decision clarity.”
Organizations sit on mountains of data: SBOMs, VEX (Vulnerability Exploitability eXchange) statements, vulnerability intelligence, third-party disclosures. Yet decision-making remains fragmented. Security teams rely on severity scores without context. Engineering teams lack consistent decision criteria. Legal teams operate on disconnected disclosure data.
VEX adoption—which should contextualize SBOM data by indicating whether vulnerabilities are actually exploitable—struggles because organizations lack confidence making and defending exploitability assertions. Liability concerns drive hesitation as much as technical uncertainty.
As one industry analysis puts it: “The real challenge is: Can organizations explain why a decision is made and defend it later? Without a unified decision model, the answer is often, No.”
This fragmentation kills you in a three-hour attack window. By the time security reviews the SBOM, engineering evaluates severity, and legal considers liability, attackers have already exfiltrated secrets from thousands of pipelines.
The Shift to Agentic Governance: From Visibility to Action
SBOMs represent the “visibility era” of supply chain security: catalog everything, assume visibility equals security. March 2026 proved otherwise. The industry is now transitioning to the “governance era”—frameworks that don’t just track what exists but actively manage, interpret, and remediate risks.
Agentic governance treats AI agents as autonomous actors managing supply chain security through continuous monitoring, interpretation, and automated remediation. Instead of generating a snapshot at build time and hoping humans can interpret it fast enough, agentic systems operate in real time with three key pillars:
MLSecOps: Traditional DevSecOps focuses on code and libraries. MLSecOps adds protection for AI model weights, training data, and specialized protocols like the Model Context Protocol (MCP). As AI agents become infrastructure components—reaching into file systems, querying databases, pushing code—securing the agent supply chain becomes critical.
Binary Lifecycle Management: SBOMs catalog source code and build dependencies. But the “binary gap”—the difference between what you build and what actually executes in production—is where real risk lives. Binary lifecycle management tracks compiled artifacts from build through runtime, verifying integrity of what’s actually running.
Agentic Remediation: The Axios attack lasted three hours. Manual processes can’t compete with that timeline. Agentic remediation uses AI-driven systems to detect, interpret, decide, and remediate without human intervention, collapsing mean time to remediate from hours to minutes.
What Developers Should Do
Stop treating SBOM generation as a security control. It’s a compliance artifact. Generate it to meet regulatory requirements, but don’t assume you’re secure because you have one.
Implement governance, not just visibility. Move beyond “what’s in my software?” to “what do I do when something in my software is compromised?” Build decision-making frameworks that can explain and defend choices. If you can’t articulate why you made a decision three months later when auditors or legal teams ask, your process is broken.
Verify what actually runs in production. Source-level and build-time SBOMs miss the binary gap. Implement runtime verification to ensure deployed artifacts match what you think you shipped.
Automate response. Three-hour attack windows are too fast for manual triage. Invest in automated remediation capabilities. The winners in 2026 won’t be organizations with the cleanest compliance reports—they’ll be the ones who upgrade faster than attackers can exploit.
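The "Verify what actually runs in production" step above can be sketched as a drift check between a build-time SBOM and the lockfile found in the deployed image. This is an added example, not code from any project named in this article; the package names, versions and digests are constructed, and the SBOM is assumed to be CycloneDX-style JSON compared against an npm lockfileVersion 3 file.

```javascript
// Constructed stand-in for a SHA-512 digest (64 bytes); not a real package hash.
const digest = (seed) => Buffer.from(seed.padEnd(64, "0"));
// Constructed build-time SBOM (CycloneDX-style); package names are hypothetical.
const sbom = { bomFormat: "CycloneDX", components: [
  { name: "http-client-example", version: "2.1.0",
    hashes: [{ alg: "SHA-512", content: digest("a").toString("hex") }] },
  { name: "log-util-example", version: "1.4.2",
    hashes: [{ alg: "SHA-512", content: digest("b").toString("hex") }] },
] };
// Constructed package-lock.json (lockfileVersion 3) as read from the deployed image.
const deployedLock = { lockfileVersion: 3, packages: {
  "": { name: "app" },
  "node_modules/http-client-example": { version: "2.1.1",
    integrity: "sha512-" + digest("c").toString("base64") },
  "node_modules/log-util-example": { version: "1.4.2",
    integrity: "sha512-" + digest("x").toString("base64") },
  "node_modules/postinstall-helper-example": { version: "0.0.3",
    integrity: "sha512-" + digest("d").toString("base64") },
} };

// npm records "sha512-<base64>", CycloneDX records hex: normalise to hex.
function integrityToHex(integrity) {
  const [alg, b64] = integrity.split("-", 2);
  return alg === "sha512" && b64 ? Buffer.from(b64, "base64").toString("hex") : null;
}

// Report every deployed package that the SBOM does not account for.
function findDrift(bom, lock) {
  const known = new Map(); // name -> Map(version -> SHA-512 hex or null)
  for (const c of bom.components) {
    const h = (c.hashes || []).find((x) => x.alg === "SHA-512");
    if (!known.has(c.name)) known.set(c.name, new Map());
    known.get(c.name).set(c.version, h ? h.content.toLowerCase() : null);
  }
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.split("node_modules/").pop(); // handles nested installs
    const versions = known.get(name);
    const want = versions && versions.get(pkg.version);
    let type = null;
    if (!versions) type = "not-in-sbom";
    else if (!versions.has(pkg.version)) type = "version-drift";
    else if (want && want !== integrityToHex(pkg.integrity || "")) type = "integrity-mismatch";
    if (type) findings.push({ name, version: pkg.version, type });
  }
  return findings;
}
console.log(findDrift(sbom, deployedLock));
```

Each finding names the package, the deployed version and the kind of drift, which gives an automated response step a concrete, recordable reason to hold a rollout.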
The Harsh Lesson
March 2026 taught a brutal lesson: popular, actively maintained projects with comprehensive security practices still get compromised. Trivy had 100,000+ users and was purpose-built for security. Axios had 100 million weekly downloads and ran in 80% of cloud environments. Both fell within twelve days.
If you’re relying on SBOMs alone, you’re operating in the visibility era while attackers have moved to the governance era. The 73% surge in open-source malware detections isn’t an anomaly—it’s what happens when compliance theater replaces actual security.
Generate your SBOMs. Meet your regulatory requirements. But don’t confuse compliance with defense. The data is clear: visibility without decision-making is just expensive paperwork.













