PyPI's 600,000+ packages power critical infrastructure across nearly every industry, and as the ecosystem grows, so does the sophistication of those looking to exploit it. The 2024 Ultralytics token compromise and NP6's typosquatting and DLL sideloading attack are just two examples — and mitigations like Sigstore provenance logs, SLSA levels, and SBOMs are only as good as the packages they protect.
At Chainguard, we've been working on a more fundamental answer: rebuilding Python packages from scratch. This talk shares what we learned — both about the threat landscape and the surprisingly complex engineering involved. Starting with PyTorch turned out to be like jumping into an open volcano, and we'll share war stories from achieving manylinux_2_28 compatibility, surviving GCC ABI hell, and debugging segfaults from OpenMP runtime conflicts.
The takeaway: serious software deserves serious supply chain security. We'll leave you with practical steps for securing your own projects and infrastructure and consider what a more secure Python ecosystem might look like in 2026 and beyond.