← Back to Home

Tag: 供应链安全 (2 articles)

Incident Report: CVE-2026-LGTM

A fictional incident report about dueling AI review agents reveals real risks of uncontrolled costs and multi-agent conflicts in AI-powered supply chain security.

Simon Willison · Jun 27, 2026

What's new in pip 26.1 - lockfiles and dependency cooldowns!

pip 26.1 introduces native lockfiles (pylock.toml) and a dependency cooldown feature, aiming to enhance supply chain security and reproducibility in the Python ecosystem by locking dependency versions and avoiding overly new packages.

Simon Willison · Apr 28, 2026