Upgrade to Pro — share decks privately, control downloads, hide ads and more …

PSF Security Engineer Update (PyCon US 2026)

Avatar for Seth Michael Larson Seth Michael Larson
June 16, 2026
6
0

PSF Security Engineer Update (PyCon US 2026)

Avatar for Seth Michael Larson

Seth Michael Larson

June 16, 2026

More Decks by Seth Michael Larson

See All by Seth Michael Larson
Alpha-Omega × Python Software Foundation (PyCon US 2026 Sponsor Presentation)
Avatar for Seth Michael Larson sethmlarson
0
5
The future of trust stores in Python
Avatar for Seth Michael Larson sethmlarson
0
740
Python HTTP Clients
Avatar for Seth Michael Larson sethmlarson
0
240

Featured

See All Featured
The #1 spot is gone: here's how to win anyway
Avatar for Tamara Novitovic tamaranovitovic
2
1.1k
Deep Space Network (abreviated)
Avatar for Tony Rice tonyrice
0
170
Effective software design: The role of men in debugging patriarchy in IT @ Voxxed Days AMS
Avatar for Kenny Baas-Schwegler baasie
0
400
Design in an AI World
Avatar for tapps tapps
1
230
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
180
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
666
130k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
34
9.3k
AI: The stuff that nobody shows you
Avatar for John Nunemaker jnunemaker
PRO
8
700
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
2
2.1k
Crafting Experiences
Avatar for Bethany Jepchumba bethany
1
170
End of SEO as We Know It (SMX Advanced Version)
Avatar for Michael King ipullrank
3
4.2k
The Illustrated Guide to Node.js - THAT Conference 2024
Avatar for David Neal reverentgeek
1
380

Transcript

  1. PYTHON SOFTWARE FOUNDATION SECURITY UPDATE

  2. 1 2 3 attacks From typosquats to packages everybody installs

    secrets Credentials have become prime targets audits Transparency is essential for trust PyPI Perspective

  3. Attacks are moving upstream • >900 new projects on PyPI

    every day • 2800+ malware reports since last PyCon US • num2words >300k/day of transitive blast radius • litellm, telnyx, lightning, xinference, etc ◦ LiteLLM: 119,000 compromised downloads before quarantine ◦ ~40–50% of installs were unpinned TL,DR: AUDIT & PIN YOUR DEPS
  4. None

  5. Secrets are the target • pypj.org phishing campaign (July 2025)

    • s1ngularity (August 2025) • GhostAction (September 2025) • Shai-Hulud 1.0 (September 2025) • s1ngularity second wave (September 2025) • Shai-Hulud 2.0 (November 2025) • Mini Shai-Hulud (April-May 2026)

  6. Can’t steal what you don’t havehttps://docs.pypi.org/trusted-publishers/ ✓ PyPI ✓ crates.io

    ✓ RubyGems ✓ npmjs.com ✓ NuGet ✓ Packagist ✓ GitHub Actions ✓ Google Cloud ✓ ActiveState ✓ GitLab CI/CD ? CircleCI (in review) ? GLSM/GHES (beta) TL,DR: REPLACE ONE TOKEN ASAP

  7. PyPI Audit #2 Sovereign Tech Agency, Trail of Bits

  8. Trust, but verify - and publish the receipts • 14

    findings: 2 High · 1 Medium · 7 Low · 4 Informational • 12 remediated, 2 accepted with rationale • High: org members could invite Owners • High: project transfers silently retained permissions • Bonus: custom CodeQL queries from the auditors, in CI https://blog.pypi.org/posts/2026-04-16-pypi-completes-second-audit/ TL,DR: DON’T TAKE MY WORD FOR IT

  9. Software Vulnerabilities

  10. ~65 CVEs in 2026

  11. 7 new vulnerabilities in CPython, pip, uv Share knowledge and

    coordinate!

  12. Python Security Response Team (PEP 811)

  13. Software Bill of Materials (PEP 770) Red Hat, Fedora, auditwheel,

    pip, Maturin, pandas, cryptography, Meson, Pillow …(hundreds more)

  14. Fuzzing Python Standard Library EU Cyber Resilience Act Malware &

    Incident Response GitLab Self-Hosted Trusted Publishers pylock.toml, Dependency Cooldowns NEW PyCon US Security Talk Track

  15. Alpha-Omega Anthropic Google Sovereign Tech Agency “Security isn’t free!”

  16. PyPI Blog PSF Blog “Get Python security news!”