# vet: Open Source Software Supply Chain Security Guardrail in the age of AI SDLC

By: Abhisek Datta

Conference: Black Hat
Year: 2026
Date: 2026-04-23

Tags: supply-chain-security, open-source-security, sca, ai-security, devsecops


## Resources
- Conference Link: https://blackhat.com/asia-26/arsenal/schedule/index.html#vet-open-source-software-supply-chain-security-guardrail-in-the-age-of-ai-sdlc-49967
- Source Code: https://github.com/safedep/vet



vet is an open source software supply chain security tool, enhanced for the AI-assisted SDLC. Unlike traditional SCA tools, vet proactively detects malicious packages before they appear in the OSV database, integrates as an MCP server with AI IDEs and coding agents (e.g. Cursor, Claude Code), and provides conversational analysis over scan results. This places it uniquely between package-level malicious code detection and developer-first defense in the age of AI coding tools.


