https://stackresearch.org/tags/supply-chain/Recent content in Supply Chain on Stack ResearchHugoen-usFri, 10 Apr 2026 00:00:00 +0000https://stackresearch.org/research/nhi-asi-series-06-third-party-tools/Fri, 10 Apr 2026 00:00:00 +0000https://stackresearch.org/research/nhi-asi-series-06-third-party-tools/<p>Every third-party tool an agent invokes is someone else&rsquo;s code running near your credentials.</p> <p>An agent&rsquo;s tool registry includes a data-formatting utility maintained outside the organization. A routine update pulls a compromised transitive dependency. The agent calls the tool while a database connection string is in scope. The tool still appears to work: it parses the data, returns the expected shape, and keeps the task moving. It also sends the connection string to an external endpoint.</p>