TL;DR
Every vendor you trust is a door into your business — and attackers are walking through them faster than ever. In 2025, third-party breaches doubled in frequency, extortion attacks surged 63% to 6,800 incidents, and the average supply chain compromise now takes 267 days to detect and costs $4.91 million. This post breaks down three real-world breach patterns, explains what went wrong, and gives you the exact security demands to make of every vendor this week.
Third-party risk isn't a theoretical problem for large enterprises anymore — it's the primary attack surface for businesses of every size. When Black Kite's 2026 Third-Party Breach Report verified that each compromised vendor exposed an average of 5.28 downstream companies, the old "it won't happen to us" argument collapsed. Your data is only as secure as the weakest vendor in your supply chain.
The Software Update That Shut Down the World
In July 2024, CrowdStrike — one of the most trusted names in endpoint security — pushed a faulty configuration update to its Falcon sensor. The result wasn't a hack, but the blast radius was indistinguishable from one: approximately 8.5 million Windows devices crashed into a blue-screen boot loop, grounding airlines, freezing hospital systems, and halting financial transactions globally. Insurer Parametrix estimated insured losses at $540 million to $1.08 billion, while total economic damage ran into the tens of billions.
The root cause was a failure in CrowdStrike's own internal testing and staged deployment pipeline. The update bypassed gradual rollout controls and hit millions of endpoints simultaneously. For the businesses affected, the lesson was brutal: even a security vendor you pay to protect you can become the single largest operational threat to your business.
What should have happened: CrowdStrike should have enforced staged, ring-based deployments — pushing updates to 1%, then 10%, then broader cohorts — with automated rollback triggers. On your side, your business should maintain vendor-outage contingency plans and test them regularly.
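The ring-based rollout with an automated rollback trigger described above, sketched as an added example (not CrowdStrike's pipeline or code from this post). The ring sizes follow the 1% and 10% cohorts mentioned; the 2% failure threshold, the host names and the `simulate` fleet are assumptions constructed for illustration.

```python
import hashlib

# Assumed ring plan (cumulative share of the fleet) and rollback threshold.
RINGS = [("canary", 0.01), ("early", 0.10), ("broad", 1.00)]
MAX_FAILURE_RATE = 0.02

def bucket(host_id):
    """Stable position in [0, 1): a host always lands in the same ring."""
    digest = hashlib.sha256(host_id.encode()).digest()
    return int.from_bytes(digest[:4], "big") / 2**32

def staged_rollout(hosts, apply_update, is_healthy, rollback):
    """Update ring by ring; if a ring's failure rate exceeds the threshold,
    roll back every host touched so far and stop before the next ring."""
    updated, lower = [], 0.0
    for name, upper in RINGS:
        cohort = [h for h in hosts if lower <= bucket(h) < upper]
        for h in cohort:
            apply_update(h)
        updated.extend(cohort)
        failed = sum(1 for h in cohort if not is_healthy(h))
        rate = failed / len(cohort) if cohort else 0.0
        if rate > MAX_FAILURE_RATE:
            for h in updated:
                rollback(h)
            return {"status": "rolled_back", "halted_at": name,
                    "touched": len(updated), "failure_rate": rate}
        lower = upper
    return {"status": "complete", "halted_at": None, "touched": len(updated)}

def simulate(bad_update, fleet_size=10_000):
    """Constructed fleet: a bad update crashes every host that receives it."""
    hosts = [f"host-{i:05d}" for i in range(fleet_size)]
    version = {h: "v1" for h in hosts}
    result = staged_rollout(
        hosts,
        apply_update=lambda h: version.__setitem__(h, "v2"),
        is_healthy=lambda h: not (bad_update and version[h] == "v2"),
        rollback=lambda h: version.__setitem__(h, "v1"),
    )
    result["still_on_v2"] = sum(v == "v2" for v in version.values())
    return result

if __name__ == "__main__":
    print(simulate(bad_update=True))   # halts in the canary ring
    print(simulate(bad_update=False))  # reaches the whole fleet
```

With a bad update, only the canary cohort is ever touched and it is restored before the next ring starts; the remaining hosts never receive the change.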
The Ransomware Pipeline Through Your ERP Provider
Manufacturing and consulting firms were the most-ransomed sectors in 2025, according to Intel 471's dark-web analysis. Attackers aren't breaching factories directly. They're compromising the managed service providers, ERP vendors, and cloud platforms those manufacturers depend on, then pivoting laterally into production networks. When the ransomware hits, it encrypts not just one company's data but every client connected to that shared platform.
A February 2026 incident tracked by PKWARE involved threat actor "Zestix" selling batches of corporate data stolen from multiple companies through a single compromised SaaS provider. The victims had no indication of the breach until their data appeared for sale — the average breach notification lag from third parties is now 117 days, per Black Kite. That's almost four months during which attackers can exfiltrate data, deploy backdoors, and plan their next move.
What should have happened: The SaaS provider needed network segmentation isolating each tenant, real-time anomalous access detection, and contractual breach notification obligations measured in hours, not months. Your business should demand all three before signing a vendor agreement.
The Open-Source Poison in Your Software Stack
Sonatype's 2026 State of the Software Supply Chain Report documented 454,600+ new malicious packages uploaded to npm, PyPI, Maven, NuGet, and Hugging Face in 2025 — a 75% year-over-year jump. These aren't obscure libraries. Attackers use typosquatting (naming packages to resemble legitimate ones) and dependency confusion to inject malware into the software supply chain that your internal tools — and your vendors' tools — pull in automatically.
Group-IB's 2026 threat report identified six organized attack groups now specializing exclusively in supply chain compromise, targeting SaaS platforms, open-source registries, and MSP networks. The industrialization of supply chain attacks means this is no longer opportunistic; it's a structured, profitable business model.
A single poisoned dependency in a vendor's product can expose every customer using that software. When your accounting platform, CRM, or inventory system auto-updates, it may pull compromised code without anyone noticing until customer data is already exfiltrated.
What should have happened: Vendors should maintain a Software Bill of Materials (SBOM) for every product they ship, run automated dependency scanning in CI/CD pipelines, and pin dependencies to verified, hashed versions. Your business should require an up-to-date SBOM as a condition of procurement.
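A check a CI pipeline could run to enforce the pinning requirement above and catch typosquatted names, written as an added example rather than code from this post or any vendor. It reads pip's requirements format; the approved-package list, the sample file and the all-zero digest are constructed placeholders, and the 0.85 similarity cutoff is an assumption.

```python
import re
from difflib import SequenceMatcher

# Assumption: package names the organisation has reviewed and approved.
APPROVED = {"requests", "urllib3", "cryptography", "numpy"}

H = "0" * 64  # placeholder digest, not a real package hash
# Constructed sample in pip requirements format.
SAMPLE = "\n".join([
    "requests==2.31.0 \\",
    f"    --hash=sha256:{H}",
    "urllib3>=1.26",
    "numpy==1.26.4",
    "reqeusts==2.31.0 \\",
    f"    --hash=sha256:{H}",
])

REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*[^\s;]+)?")
HASH = re.compile(r"--hash=sha256:[0-9a-f]{64}\b")

def logical_lines(text):
    """Join backslash continuations, then drop blank and comment lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    return [l.strip() for l in joined.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def lookalike(name):
    """Return the approved name this one closely resembles, if any."""
    n = name.lower()
    if n in APPROVED:
        return None
    for good in sorted(APPROVED):
        if SequenceMatcher(None, n, good).ratio() >= 0.85:
            return good
    return None

def audit(text):
    """Return (package, problem) pairs for every requirement that fails."""
    findings = []
    for line in logical_lines(text):
        m = REQ.match(line)
        if not m:          # options such as -r or --index-url
            continue
        name, pin = m.group(1), m.group(2)
        if pin is None:
            findings.append((name, "not pinned to an exact version"))
        if not HASH.search(line):
            findings.append((name, "no sha256 hash"))
        near = lookalike(name)
        if near:
            findings.append((name, f"name resembles approved package '{near}'"))
    return findings
```

A correctly pinned and hashed line for an unapproved lookalike name still fails, which is the case a hash check alone would miss.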
What to Demand From Every Vendor This Week
You don't need a dedicated security team to reduce your third-party risk. Here are five demands every business owner can make — today — of every vendor that touches your data:
- Breach notification within 24 hours, in writing. If your vendor's standard contract says "reasonable timeframe," strike it out. Demand 24-hour notification of any security incident affecting your data, with a named contact and escalation path.
- SOC 2 Type II or ISO 27001 certification — current, not expired. If a vendor can't produce a current third-party audit report, they haven't been independently verified. Accept nothing less.
- An up-to-date Software Bill of Materials (SBOM). Ask: "Show me every software component and dependency in the product we use." If they can't produce one, they don't know what's in their own code.
- Multi-factor authentication enforced for all accounts accessing your data. Not offered, not optional — enforced. This includes their internal admin accounts and any API integrations.
- A documented incident response plan that includes downstream notification procedures. Ask to see the specific section that covers how they notify customers like you. If it's vague, walk away.
FAQ
Q: My business is small. Do attackers really target companies like mine through vendors?
Yes — and you're a more attractive target than you think. Intel 471's data shows SMBs are disproportionately victimized through third-party compromise precisely because they lack the resources to vet vendors thoroughly. Attackers know that breaching one payroll provider or accounting platform gives them access to hundreds of small businesses at once. You are not too small to be in the blast radius.
Q: What's the single most effective thing I can do to reduce third-party risk?
Inventory every vendor that stores, processes, or transmits your data — then rank them by the sensitivity of that data. Start demanding certifications and breach notification commitments from the top five. Most businesses discover they have 50+ vendors and haven't reviewed security terms for any of them since signing.
Q: Is a SOC 2 report really necessary for every vendor?
Not every vendor needs a full SOC 2, but any vendor holding personally identifiable information, financial data, or health records of your customers should have independent attestation. For lower-risk vendors, a security questionnaire covering access controls, encryption, and incident response is a reasonable minimum.
Q: How do I know if a vendor has already been breached?
Assume they have. IBM's 2025 Cost of a Data Breach Report found the average supply chain breach takes 267 days to identify and contain. Your vendor may be compromised right now and not know it. This is why contractual notification timelines matter — they're your only guarantee that you'll learn about a breach before your customers do.
Conclusion
The era when you could trust your vendors to handle security is over — not because vendors are malicious, but because they are the path of least resistance for sophisticated attackers. With third-party breach involvement doubling in a single year and average detection windows stretching past eight months, the burden has shifted to you. Demand certifications, demand SBOMs, demand 24-hour notification, and walk away from vendors who won't comply.
Your customers' data depends on choices you make about who you do business with. Make those choices with the same scrutiny you'd apply to locking your own front door.
References
- Black Kite Third-Party Breach Report 2026
- Intel 471 — Ransomware and Extortion Attacks Surge 63% in 2025
- Sonatype 2026 State of the Software Supply Chain Report
- IBM Cost of a Data Breach Report 2025 — Supply Chain Findings
- Group-IB — Six Supply Chain Attack Groups to Watch in 2026
TL;DR
- A popular AI tool called Langflow had a security flaw — like leaving a factory door unlocked
- Bad guys found the open door and walked in within 20 hours of it being discovered
- They could steal keys, passwords, and data from businesses using this tool
- The lesson: AI tools need strong locks, just like your house or office does
What Happened?
Imagine you build a factory that makes robots. The robots are supposed to help businesses do work — answer questions, process paperwork, and automate tasks.
Now imagine you forget to lock the factory's front door. Anyone can walk in, mess with your robots, and even reprogram them to do bad things.
That's what happened with Langflow.
What Is Langflow?
Langflow is a tool that helps people build AI-powered robots (called "agents" or "workflows") without writing computer code. It's like using Lego blocks to build something — you drag and drop pieces to create an AI that can:
- Answer customer questions
- Read and organize documents
- Send automated emails
- Process data
Lots of businesses use Langflow or tools like it to make their work faster and easier.
The Unlocked Door
Langflow had a big security mistake. One of its entrances — a special door called an "API endpoint" — was supposed to show public AI workflows to visitors.
But this door had a problem:
- It didn't check who was knocking (no authentication)
- It would accept any instructions visitors gave it
- It would run those instructions immediately without asking questions
This is like a door that not only unlocks itself, but also hands over the keys to anyone who asks.
What Bad Guys Did
On March 17, 2026, security researchers told everyone about this unlocked door. They thought: "Now people can fix it!"
But bad guys thought: "Now we know where the open door is!"
Within 20 hours — less than a day — attackers were:
- Scanning the internet for Langflow installations
- Walking through the unlocked door
- Stealing passwords, keys, and data
- Leaving backdoors to come back later
Twenty hours is incredibly fast. Most businesses take weeks just to read security advisories. These attackers acted before most people even knew there was a problem.
What They Could Steal
When someone walks through an unlocked door in a computer system, they can take:
- Passwords and keys: Like stealing the keys to every room in a building
- Secret data: Customer information, business documents, financial records
- Access to other systems: Using one unlocked door to reach connected systems
- Control over the robots: Reprogramming AI agents to do whatever the attacker wants
It's not just one computer at risk. It's everything connected to it.
Why This Matters to You (Even If You Don't Use Langflow)
You might be thinking: "I don't use Langflow. Why should I care?"
Here's why:
1. You Might Be Using It Without Knowing
Lots of companies sell AI tools and services. They might use Langflow inside their products without telling you. It's like buying a car and not knowing what brand of engine is inside.
If you've:
- Hired an AI consultant
- Bought AI-powered software
- Used chatbots or automation tools
...you might be using Langflow or tools like it.
2. The Same Problem Exists Everywhere
Langflow isn't the only AI tool with security issues. The same mistake — forgetting to lock doors and check who's knocking — happens all the time in AI software.
3. AI Tools Are the New Factories
As businesses use more AI, they're building more "robot factories." If those factories don't have good locks, alarms, and security guards, they become easy targets.
What You Can Do
If You Have AI Tools
- Ask questions: Find out what AI tools your business uses
- Check for updates: Make sure all AI software is updated to the latest version
- Change passwords: If you used an old version of Langflow, change all your passwords and keys
- Watch for weird stuff: If your AI tools start acting strangely, tell someone
If You're Buying AI Services
- Ask about security: "What do you do to keep your AI tools safe?"
- Demand updates: "How quickly do you fix security problems?"
- Check their reputation: Work with companies that take security seriously
For Everyone
- Treat AI tools like important equipment: You wouldn't leave your office door unlocked or give your house keys to strangers. Don't do it with AI tools either.
- Use security experts: Just like you hire a locksmith for your doors, hire cybersecurity experts for your AI systems.
The Lesson
The Langflow hack teaches us something simple:
When you build something powerful, you need to protect it.
AI tools are powerful. They can see your data, control your systems, and make decisions for your business. That makes them valuable — and valuable things need strong security.
Twenty hours is all it took for attackers to exploit a mistake. In the AI world, speed matters. Security needs to be built in from the start, not added later.
FAQ
Langflow is a tool for building AI-powered robots and workflows without writing code. It's like using Lego blocks to create AI assistants that can help with business tasks.
Langflow had an "unlocked door" — a security flaw that let anyone send commands to its systems without proving who they were. This is called an "unauthenticated remote code execution" vulnerability.
Attackers found and started exploiting the flaw within 20 hours of it being publicly announced. That's less than one day.
You might be using it indirectly through other AI tools or services. Also, the same security mistakes happen in other AI software. Understanding this helps you ask better questions about AI security.
Update AI tools regularly, ask vendors about their security practices, change passwords after vulnerabilities are discovered, and work with cybersecurity experts who understand AI.
Treat AI tools like important business equipment. Ask about security before buying AI services. Update everything promptly. Watch for strange behavior in your AI systems. Partner with security experts who understand AI infrastructure.
References
[1] Langflow Project, "Langflow - Visual AI Workflow Builder," GitHub, 2026. [Online]. Available: https://github.com/langflow-ai/langflow
[2] Sysdig Research Team, "CVE-2026-33017: How Attackers Compromised Langflow AI Pipelines in 20 Hours," Sysdig Blog, Mar. 2026. [Online]. Available: https://www.sysdig.com/blog/cve-2026-33017-how-attackers-compromised-langflow-ai-pipelines-in-20-hours
[3] The Hacker News, "Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure," The Hacker News, Mar. 2026. [Online]. Available: https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html
[4] A. Srivastava, "How I Found CVE-2026-33017," Medium, Mar. 2026. [Online]. Available: https://medium.com/@aviral23/cve-2026-33017-how-i-found-an-unauthenticated-rce-in-langflow-by-reading-the-code-they-already-dc96cdce5896
[5] Tenable, "CVE-2026-33017," Tenable Vulnerability Database, Mar. 2026. [Online]. Available: https://www.tenable.com/cve/CVE-2026-33017