The RSA Conference (RSAC) is always a major event for the cybersecurity community, and this year was no exception.
Sonatype made a strong showing at RSAC 2025 with new innovations, compelling thought leadership, and face-to-face engagement that reinforced our mission to protect the software supply chain from emerging threats like open source malware and unmanaged AI models.
From the show floor: Refreshing conversations and new connections
Our presence at Lemonade — Sonatype's branded space just off the show floor — offered a "refreshing take on SCA." It served as a welcome destination for developers, security professionals, and industry leaders to connect, recharge, and discuss the evolving challenges of securing modern software supply chains.
Software composition analysis (SCA) is a methodology used to identify, monitor, and manage open source components within an application.
SCA helps teams:
- detect vulnerabilities;
- enforce licensing policies; and
- block malicious packages before they enter the development pipeline.
Expanding protection to the edge with Sonatype Repository Firewall
One of the major highlights from this year's event was the buzz around our latest updates to Sonatype Repository Firewall. The new capabilities, announced ahead of RSAC, extend Sonatype Repository Firewall’s protection beyond traditional boundaries.
A new integration with Zscaler also lets enterprises defend their software supply chains starting at the edge. By integrating directly into the cloud-based secure web gateway, Sonatype Repository Firewall enables organizations to inspect and block open source malware at the moment a component is requested, before it ever reaches a developer's machine or internal repository. This edge-level enforcement adds a powerful new layer of proactive defense for enterprises managing distributed teams and cloud-native pipelines.
At RSAC, we also showcased how Sonatype Repository Firewall helps customers block malicious components hidden not just in open source packages, but also in Docker containers and AI models sourced from platforms like Hugging Face — an important step as attackers shift tactics in the AI era.
Leading conversations on AI, open source, and software supply chain security
In addition to formal RSAC sessions, Sonatype took part in broader industry conversations happening around the event, highlighting the growing urgency of securing open source AI and software supply chains.
One notable discussion featured Sonatype co-founder and CTO Brian Fox, who talked about how to secure open source AI. In a sit-down with industry media, Fox drew parallels between the early days of open source software and the rapid rise of open source AI, warning of the risks facing organizations that adopt these technologies without proper governance.
For more on Sonatype's perspective on open source AI and secure development practices, check out our whitepaper on modern software development in the era of AI.
Unpickling PyTorch: Exposing risks in AI frameworks
This year at RSAC, Sonatypers Andrew Stein and Trevor Madge spoke about their discoveries on how malicious actors leverage pickle files to introduce open source malware into target networks. In conjunction with the talk, we also released our new whitepaper, Unpickling PyTorch, which dives deep into the emerging risks discovered by Andrew and Trevor — risks introduced by insecure model serialization practices in AI frameworks like PyTorch.
The whitepaper, which mirrors their talk, explains how PyTorch's reliance on Python's pickle module for saving and loading models opens the door to serious software supply chain risks. Malicious actors can weaponize this mechanism by embedding harmful code into serialized model files. When these models are loaded, the embedded code executes automatically, without user awareness, potentially compromising the developer's system or wider network.
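The load-time behaviour described above, paired with two defender-side controls, as an added Python example that is not taken from the whitepaper or from Sonatype's tooling: a static opcode scan built on `pickletools.genops` (which decodes the stream without executing it) that lists every module and attribute a pickle would import, and a restricted `Unpickler` whose `find_class` refuses anything outside an allowlist. The allowlist, the sample streams and the helper names (`referenced_globals`, `check_model_blob`, `is_refused`) are constructed for this illustration; the samples deliberately reference harmless standard-library classes, because the point is that an unlisted import is refused no matter what it is.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Allowlist of (module, qualname) pairs the loader is willing to resolve.
# Constructed for this example: a real model-loading pipeline would list the
# tensor and storage classes its framework genuinely needs, and nothing else.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}

# Opcodes that push a str onto the pickle virtual-machine stack. STACK_GLOBAL
# (protocol 4+) takes its module and attribute name from the two most recent.
STRING_OPS = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Statically list every (module, name) a pickle stream would import.

    pickletools.genops only decodes opcodes and never runs the stream, so it is
    safe on untrusted input. Handles the legacy GLOBAL opcode and the protocol-4
    STACK_GLOBAL opcode; for the latter it tracks the two most recent string
    pushes, which suffices for streams written by the standard pickler (an
    assumption of this example, not a full pickle-VM emulation).
    """
    found: list[tuple[str, str]] = []
    recent: list[str] = []
    for opcode, arg, pos in pickletools.genops(data):
        if opcode.name in STRING_OPS:
            recent = (recent + [arg])[-2:]
        elif opcode.name == "GLOBAL":
            # GLOBAL carries "module name" as one text argument.
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            if len(recent) < 2:
                raise ValueError(f"malformed STACK_GLOBAL at offset {pos}")
            found.append((recent[0], recent[1]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted globals.

    find_class is the single choke point through which GLOBAL, STACK_GLOBAL and
    the callables used by REDUCE/NEWOBJ pass, so refusing here stops the stream
    from instantiating anything the allowlist does not name.
    """

    def find_class(self, module: str, name: str):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def safe_loads(data: bytes):
    """Load a pickle through the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_refused(data: bytes) -> bool:
    """True if the restricted loader rejects the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def check_model_blob(data: bytes) -> dict:
    """Scan first; load only if every referenced global is allowlisted."""
    refs = referenced_globals(data)
    blocked = [g for g in refs if g not in SAFE_GLOBALS]
    result = {"globals": refs, "blocked": blocked, "loaded": None}
    if not blocked:
        result["loaded"] = safe_loads(data)
    return result


# Constructed sample streams (not real model files):
PLAIN_BLOB = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)   # no globals at all
ORDERED_BLOB = pickle.dumps(OrderedDict(a=1), protocol=4)        # STACK_GLOBAL, allowlisted
LEGACY_BLOB = pickle.dumps(OrderedDict(a=1), protocol=2)         # legacy GLOBAL opcode
UNLISTED_BLOB = pickle.dumps(__import__("datetime").timedelta(days=1), protocol=4)  # not allowlisted

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN_BLOB), ("ordered", ORDERED_BLOB),
                        ("legacy", LEGACY_BLOB), ("unlisted", UNLISTED_BLOB)]:
        r = check_model_blob(blob)
        print(f"{label:8s} globals={r['globals']} blocked={r['blocked']} loaded={r['loaded']!r}")
```

The scan is the cheap gate to run at a repository or proxy boundary, where nothing should be executed; the restricted unpickler is the last line of defense on the machine that actually loads the file. PyTorch's own `torch.load` offers a `weights_only=True` mode built on the same allowlisted-unpickler idea, and using it is the framework-level equivalent of the `RestrictedUnpickler` above.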
As the popularity of open source AI models continues to grow, so too does the likelihood that compromised models could be unwittingly downloaded from public model hubs or shared repositories. The Unpickling PyTorch whitepaper highlights real-world examples of how threat actors are exploiting this attack surface and provides actionable best practices for organizations working with open source AI models.
This is more than a theoretical concern — it's a live and growing attack vector. The paper's insights align with our broader message at RSAC: Security in the AI era demands the same vigilance and tooling we've developed for traditional open source components.
Until next time
RSAC 2025 was an exciting opportunity to highlight Sonatype's leadership in securing modern development, from protecting pipelines and model registries to harnessing the power of open source AI.
We are grateful to everyone who stopped by, joined our sessions, and continues to push for stronger, smarter security practices.
We will see you next year. Until then, stay secure in your software development.

Aaron is a technical writer on Sonatype's Marketing team. He works at a crossroads of technical writing, developer advocacy, software development, and open source. He aims to get developers and non-technical collaborators to work well together via experimentation, feedback, and iteration so they ...