Weekly Security Roundup: Roots of Trust, SOC AI, and Safer Supply Chains
Security news this week covers updates to open-source hardware, data protection features, secure analytics, encrypted DevOps workflows, and improved guidance for software supply chain safety.
Open-Source Silicon Security and Quantum-Resilient Hardware Roots of Trust
Caliptra 2.1 from Microsoft adds quantum-resilient cryptography, advanced key management, and secure erase options. Formal property verification with open documentation helps silicon developers and cloud providers build stronger confidential computing environments.
Secure Analytics Platforms: Customer-Managed Keys and Outbound Access Protection in Microsoft Fabric
Microsoft Fabric now features customer-managed keys for workspace encryption and has moved outbound access protection to general availability for Warehouses, Notebooks, and SQL Analytics. Updates make securing and controlling access at the workspace level easier for teams.
- Extending Outbound Access Protection to Fabric Warehouse and SQL Analytics Endpoint
- Customer-Managed Keys for Microsoft Fabric Workspaces Now Generally Available
- Customer-Managed Keys Now Available for Fabric Warehouse and SQL Analytics Endpoint
AI Benchmarks and Open Security Tooling for Modern SOC Workflows
The ExCyTIn-Bench toolkit simulates advanced attack scenarios, helping SOC teams assess LLM performance using Sentinel log data and incident graphs. Open results and adaptability help speed up adoption of security-focused AI tools and features.
- ExCyTIn-Bench: Benchmarking AI Performance in Cybersecurity Investigations
- Open Source Benchmarking Tool to Measure AI for Cybersecurity
DevOps Security: Modern Authentication, Secure Data Sharing, and End-to-End Encryption
Microsoft is transitioning authentication procedures for Visual Studio and Azure DevOps to Entra ID, improving security and access control. Delta Sharing in Databricks is now safer thanks to the implementation of NCC and private endpoints. Research continues into adopting end-to-end encryption for Git, supporting improved software supply chain security.
- Modernizing Authentication for Legacy Visual Studio Clients
- Secure Delta Sharing Between Databricks Workspaces Using NCC and Private Endpoints
- Efficient End-to-End Encryption for Git Services: Enhancing DevOps Security
Secure Coding and Supply Chain Defense in Developer Workflows
GitHub CodeQL’s Rust support and build-free C/C++ scanning improve developers’ ability to identify vulnerabilities, especially during CI/CD and code review. Tutorials on using SBOMs, VEX advisories, and eBPF for runtime inspection extend supply chain policy and runtime observability.
- CodeQL Adds Rust and Build-Free C/C++ Scanning in General Availability
- Establishing Visibility and Governance for Your Software Supply Chain
Marketplace, Extension, and Privileged Access Risks
Wiz researchers found over 500 VS Code and OpenVSX extensions with hardcoded secrets, putting over 150,000 users at risk; Microsoft has introduced secret scans before publication. Updated best practices for privileged tools cover measures such as PRMFA, RBAC, and JIT/JEA to help isolate high-risk actions.
- VS Code Marketplace Secret Leaks Highlight Risks in Extensions and AI Configurations
- Hardening Customer Support Tools Against Cyberattacks: Microsoft’s Approach
Other Security News
Microsoft has started the .NET Security Group to coordinate CVE management for faster, more effective patching. GitHub is updating the Dependabot Alerts API to use cursor-based pagination, streamlining supply chain notification. Industry commentary urges teams to use context-aware controls, monitoring, and incident response practices rather than relying solely on “shift left” development.