Ghost in the Pipeline: Hunting Supply Chain Attacks from npm to AI Agents
Vulnerability Engineer @ Zoho

Talk Abstract
Most supply chain detection assumes the payload is still on disk when you go looking for it. The trojanized axios packages broke that assumption. The dropped RAT cleaned up after itself, and during the incident response a meaningful portion of confirmed-compromised endpoints came back perfectly clean to every scanner pointed at them. The only reason those machines were caught at all was passive DNS telemetry — the network proof that they had reached out to the C2 domain `sfrclak.com`, even though there was zero filesystem evidence left.
That gap — between "this machine was compromised" and "it can't be proven with endpoint tooling" — is what forced a rethink of how supply chain detection works at fleet scale. Looking at AI/ML pipelines through the same lens, the attack surface is wider, the blast radius is larger, and the detection tooling barely exists.
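The detection gap the abstract describes is a correlation problem: the network record of a host resolving the C2 domain has to be joined against the endpoint scanner's verdict for that same host. The script below is an added example, not code from the talk or from any product mentioned on the page; the `host=... qname=...` log line format and the scanner verdict table are constructed for illustration and do not represent a real telemetry schema. It flags hosts that queried `sfrclak.com` or any of its subdomains (rejecting look-alike names such as `notsfrclak.com`) and then separates the hosts that also scanned clean, which are exactly the ones endpoint tooling alone would have missed.

```python
"""Passive-DNS hunt for a known C2 domain across a fleet.

Added example (not from the talk or any vendor product): correlates DNS
query telemetry against an IoC domain and reconciles the result with
endpoint-scanner verdicts, so hosts whose on-disk payload was already
removed are still surfaced. The log line format is constructed for this
example and is not a real product schema.
"""
import re
from collections import defaultdict

# Constructed sample of passive-DNS telemetry lines: timestamp, host, queried name.
SAMPLE_DNS_LOG = """\
2024-03-01T08:02:11Z host=ws-0142 qname=registry.npmjs.org
2024-03-01T08:02:19Z host=ws-0142 qname=api.sfrclak.com.
2024-03-01T08:05:40Z host=ws-0207 qname=SFRCLAK.COM
2024-03-01T08:06:02Z host=ws-0311 qname=notsfrclak.com
2024-03-01T08:09:55Z host=ws-0450 qname=cdn.example.net
this line is malformed and should be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+qname=(?P<qname>\S+)$")


def normalize(name):
    """Lower-case and strip the trailing dot so 'A.B.' and 'a.b' compare equal."""
    return name.lower().rstrip(".")


def matches_ioc(qname, ioc_domain):
    """True if qname is the IoC domain itself or any subdomain of it.

    A plain suffix check would wrongly match 'notsfrclak.com' against
    'sfrclak.com'; requiring the leading dot avoids that false positive.
    """
    q, d = normalize(qname), normalize(ioc_domain)
    return q == d or q.endswith("." + d)


def parse_line(line):
    """Parse one constructed telemetry line; return None for lines that don't fit."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def hosts_contacting(log_text, ioc_domain):
    """Map host -> list of (timestamp, qname) for queries that hit the IoC domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed telemetry: skip it rather than abort the hunt
        if matches_ioc(rec["qname"], ioc_domain):
            hits[rec["host"]].append((rec["ts"], rec["qname"]))
    return dict(hits)


def reconcile(dns_hits, scanner_verdicts):
    """Split DNS-confirmed hosts by what the endpoint scanner said about them.

    scanner_verdicts: host -> 'clean' | 'infected'; a missing host was never scanned.
    Hosts that beaconed but scanned clean are the ones with no filesystem
    evidence left; they still need response.
    """
    ghosts, confirmed, unscanned = [], [], []
    for host in sorted(dns_hits):
        verdict = scanner_verdicts.get(host)
        if verdict == "clean":
            ghosts.append(host)
        elif verdict == "infected":
            confirmed.append(host)
        else:
            unscanned.append(host)
    return {"ghosts": ghosts, "confirmed": confirmed, "unscanned": unscanned}


if __name__ == "__main__":
    hits = hosts_contacting(SAMPLE_DNS_LOG, "sfrclak.com")
    # Constructed scanner results: ws-0142 scanned clean despite beaconing.
    verdicts = {"ws-0142": "clean", "ws-0207": "infected", "ws-0311": "clean"}
    for bucket, hosts in reconcile(hits, verdicts).items():
        print(f"{bucket}: {hosts}")
```

Running it lists `ws-0142` under `ghosts` (network proof, clean scan) and `ws-0207` under `confirmed`; `ws-0311` never appears because its look-alike query is not a match. In a real hunt the sample log would be replaced by the DNS query export from the EDR or resolver, and the verdict table by the scanner's per-host results.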
About the Speaker

Harish Ravichandra
Vulnerability Engineer @ Zoho
Harish Ravichandra is a Security Engineer specializing in endpoint security operations, vulnerability management, and supply chain threat detection at enterprise scale. His core operational stack includes CrowdStrike Falcon (sensor deployment, Falcon Data Replicator for passive DNS and process telemetry, and Real Time Response for live endpoint forensics), Tenable.io for continuous vulnerability assessment, and privileged access management across mixed OS environments (macOS, Linux, and Windows).
He writes detection and remediation scripts for emerging CVEs, supply chain compromises, and zero-day threats across macOS, Linux, and Windows, covering the full lifecycle from initial triage and threat intelligence correlation to fleet-wide deployment and post-deployment validation. His operational scope includes software supply chain attacks (npm, PyPI, GitHub Actions), endpoint hardening, vulnerability prioritization, and cross-platform forensic analysis using EDR telemetry.
He is the architect of an internal vulnerability intelligence platform that automates the full detection lifecycle, including CVE ingestion from NVD and vendor advisories, threat intelligence correlation against active exploit data, AI-driven detection script generation with platform-specific constraints, and orchestrated deployment across the endpoint fleet. The platform enforces a read-only detection scope, where AI-generated scripts can observe and report but cannot modify or remediate without explicit human authorization.
His current research focuses on extending supply chain detection methodologies from traditional package ecosystems into AI/ML supply chains, including model integrity verification, pickle deserialization attack detection, MCP tool poisoning, and agentic AI framework security mapped to MITRE ATLAS and OWASP LLM Top 10 2025.