Zeal of the Convert — Taming Shai-Hulud with AI

A practitioner post-mortem by Rami McCarthy (Wiz) at Unprompted (March 2026) on responding to the 2025 Shai-Hulud campaigns. Abstract-only; slides and video are not yet captured.

The Argument

Shai-Hulud was a series of supply-chain attacks that leaked large volumes of victim data onto GitHub. As a responder to these internet-scale incidents, McCarthy describes moving from simple “vibe-coded” scrapers to multi-agent triage engines that parallelize victimology and automate secret-impact analysis. The talk is framed as a raw account of what worked, where the ground shifted, and how “lazy” AI lets a responder down. It shares prompts, scripts, and skills as takeaways.

Where It Fits

Direct evidence for the incident-response / triage capability in the Agentic SOC: State of the Field thesis: agentic IR applied to a real internet-scale event, not a demo. It also connects to the supply-chain coverage. Shai-Hulud is the campaign whose CI/CD mechanics the JFrog 2026 report says still persist across the ecosystem (its RepoHunter findings matched Shai-Hulud’s pipeline-misconfiguration pattern), and it is adjacent to the prt-scan CI/CD campaign.