Anaconda, Inc.

Many organizations say they have an AI strategy, but few enforce it where AI actually runs. 🚩 Research shows the gap isn’t policy, but infrastructure. Governance built at the organizational level doesn’t extend to the application or model layers, where real risk lies. Until runtime controls are in place, investments won’t translate into value, and unmanaged AI could carry significant financial and legal consequences. Explore insights from our recent Gartner® report and why orgs struggle to actually execute AI strategies: https://bit.ly/41vy5gw

Your AI workflows in Snowpark and Snowflake Notebooks already run on Anaconda’s secure open-source Python by default.

This week’s #PythonTipsTuesday: skill files 🪆 Skill files are just Markdown docs you give an LLM to read before it runs a task, so it understands your conventions and expectations. You can write your own, or use existing ones. Anthropic has a repo with skill files for things like reading PDFs or working with Word docs. There’s even one for creating more skill files! Learn more from Anaconda Senior Developer Relations Engineer, Daina Bouquin:

Last week, LiteLLM — 95 million monthly downloads — was backdoored on PyPI for 3 hours. The attacker used compromised CI/CD credentials and published through the legitimate pipeline. The package would have been validly signed — because it came from the real account, through the real build system. No single layer is enough. I wrote a deep dive exploring what a complete, layered defense looks like for the Python and Conda supply chain based on what solutions and approaches exist today. Signing — conda's native TUF verification (conda-content-trust, production since 4.10.1), Sigstore attestations via rattler-build and pixi, CEP 27 standardizing the format, and Anaconda partnering with prefix.dev to bring Sigstore into the conda client. Two complementary trust models working together. Curation & Enterprise Channels — Anaconda's human-curated CVE management, private enterprise mirrors with air-gapped support, conda-forge CVE association, SBOM generation, and audit trails. Plus prefix.dev hosted channels with Trusted Publishing for teams that need lighter-weight private infrastructure. Rebuilt from Source — Chainguard Libraries rebuilding 16K+ PyPI packages from verified source in a SLSA L3 build system, blocking 98% of distribution-stage malware. Runtime Containment — Snowflake's compute isolation (Snowpark UDF sandboxing, SPCS default-deny networking, egress allowlists) as a reference architecture for containing compromised code at runtime. Frameworks — the full architecture mapped to SLSA, S2C2F, and Sigstore with reusable diagrams. These are complementary layers, not competing approaches. Prevention reduces probability. Containment limits consequence. A complete architecture needs both. Would love to hear how your teams are thinking about this. https://lnkd.in/eZvJMPF7 #Snowflake #Chainguard #Anaconda #Conda #CondaForge #Pixi #PrefixDev #Python #SupplyChainSecurity #Sigstore #DevSecOps #OpenSource #SLSA #CyberSecurity #ContainerSecurity

The latest edition of Numerically Speaking has arrived with the latest on enterprise AI and AI-native development! Dive deep into: ⛓️💥 Why your AI strategy is failing without runtime controls 📑 A commissioned report on governing open-source risk 🛠️ Why AI labs are buying the tooling layer 📦 The latest AI Catalyst updates And so much more! Explore the full edition and don’t forget to subscribe:

Open source AI adoption is accelerating, but without proper governance, projects stall. Or worse: proceed without proper visibility. While 43% of organizations plan to invest over $1M in AI, 62% struggle to move projects into production due to security, compliance, and licensing risks. This report examines how teams can scale open-source AI with secure infrastructure, automated policy enforcement, and cost-efficient techniques like quantization (without slowing innovation) → https://bit.ly/4uVcNXe

Evaluating models for production used to take weeks and often meant juggling performance tests, license checks, and security reviews across teams. 🐌 AI Catalyst cuts that work down to hours by bringing everything into one place, filtering by use case, surfacing hardware requirements, and showing benchmarks built for real workloads. Each model includes source verification, legal-reviewed license summaries, and responsible AI scores. NVIDIA Nemotron models are now included, with governance controls aligned to what teams already use for Python packages. Accelerate your AI deployment ⚡️ https://bit.ly/3PZuepq

Poor governance is holding back your AI strategy. Only 15% of IT leaders strongly believe they have the right governance models in place to manage their AI agents in their enterprise applications, while 84% believe they need additional technical controls to mitigate risk. Discover actionable frameworks for modernizing your AI governance in this Gartner® report and… ✅ Why most AI strategies fail at the application level ✅ The ROI case for effective governance ✅ New security risks traditional controls miss Dig into the full report: https://bit.ly/4rCrxIg

The LiteLLM supply chain attack this week deserves more than a headline read. Here's what actually happened: TeamPCP, a cybercriminal group active since late 2025, compromised two versions of a widely-used PyPI package — versions live for under an hour — that could exfiltrate SSH keys, cloud credentials, CI/CD secrets, API keys, and more. Not just from direct installs, but from any project carrying LiteLLM anywhere in its dependency tree. That's the part worth sitting with. You didn't have to install the package, you just had to depend on something that did. This is the defining challenge of modern open source development. The same interconnectedness that makes the ecosystem so powerful, the ability to build on the work of millions, is what makes supply chain attacks so difficult to defend against. The blast radius of a single compromised package can extend silently across thousands of projects before anyone knows something is wrong. What this incident reinforces for every team building with open source AI: ✅ Know your full dependency tree — not just the packages you chose, but everything they pull in ✅ Rotate immediately if you ran LiteLLM 1.82.7 or 1.82.8 — SSH keys, cloud tokens, CI/CD secrets, API keys, crypto wallets ✅ Monitor for anomalous behavior at install time — in this case, a RAM crash was the only signal ✅ Treat supply chain visibility as ongoing infrastructure, not a point-in-time audit The open source ecosystem is worth protecting. That starts with understanding how attacks like this actually work. Highly recommend checking out Help Net Security's great reporting on this: https://bit.ly/3PpCuz1 #LiteLLM #PyPI