Ahmad Nassri
@ahmadnassri.com
Syrian-Canadian 🇸🇾🇨🇦, Fractional CTO, Developer Accelerator.
past: npm, Telus, Kong, CBC, BlackBerry
past: npm, Telus, Kong, CBC, BlackBerry
Reposted by Ahmad Nassri
Check out Socket CTO @ahmadnassri.com
at @workos.bsky.social' Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. socket.dev/blog/how-ent...
at @workos.bsky.social' Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. socket.dev/blog/how-ent...
How Enterprise Security Is Adapting to AI-Accelerated Threat...
Socket CTO Ahmad Nassri discusses why supply chain attacks now target developer machines and what AI means for the future of enterprise security.
socket.dev
November 5, 2025 at 6:48 PM
Check out Socket CTO @ahmadnassri.com
at @workos.bsky.social' Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. socket.dev/blog/how-ent...
at @workos.bsky.social' Enterprise Ready Conf: Ahmad joined a panel discussing how enterprise security is adapting, as AI speeds up both software development and attacks targeting developer machines. socket.dev/blog/how-ent...
November 1, 2025 at 4:09 PM
Reposted by Ahmad Nassri
🚀 Socket Launch Week Day 5!
Malicious packages are infiltrating development environments before they ever reach production.
Today we're answering these threats with the release of Socket Firewall Enterprise: configurable, enterprise-grade protection for modern package ecosystems.
Malicious packages are infiltrating development environments before they ever reach production.
Today we're answering these threats with the release of Socket Firewall Enterprise: configurable, enterprise-grade protection for modern package ecosystems.
October 24, 2025 at 6:27 PM
🚀 Socket Launch Week Day 5!
Malicious packages are infiltrating development environments before they ever reach production.
Today we're answering these threats with the release of Socket Firewall Enterprise: configurable, enterprise-grade protection for modern package ecosystems.
Malicious packages are infiltrating development environments before they ever reach production.
Today we're answering these threats with the release of Socket Firewall Enterprise: configurable, enterprise-grade protection for modern package ecosystems.
Reposted by Ahmad Nassri
1️⃣
AI models aren’t just math -- they’re code.
And just like npm or PyPI, they can get hacked.
Today we’re launching malware scanning for the Hugging Face ecosystem. 🤖🔍
Socket can now detect backdoors and malicious payloads inside AI models themselves.
👇
www.youtube.com/watch?v=9FQy...
AI models aren’t just math -- they’re code.
And just like npm or PyPI, they can get hacked.
Today we’re launching malware scanning for the Hugging Face ecosystem. 🤖🔍
Socket can now detect backdoors and malicious payloads inside AI models themselves.
👇
www.youtube.com/watch?v=9FQy...
Announcing Experimental Malware Scanning for the Hugging Face Ecosystem
YouTube video by Socket Security
www.youtube.com
October 20, 2025 at 4:21 PM
1️⃣
AI models aren’t just math -- they’re code.
And just like npm or PyPI, they can get hacked.
Today we’re launching malware scanning for the Hugging Face ecosystem. 🤖🔍
Socket can now detect backdoors and malicious payloads inside AI models themselves.
👇
www.youtube.com/watch?v=9FQy...
AI models aren’t just math -- they’re code.
And just like npm or PyPI, they can get hacked.
Today we’re launching malware scanning for the Hugging Face ecosystem. 🤖🔍
Socket can now detect backdoors and malicious payloads inside AI models themselves.
👇
www.youtube.com/watch?v=9FQy...
for better security: I use 1password cli with direnv to dynamically load env values (ssh keys, tokens, secrets, etc ...)
AWS outage -> 1password thinks it's offline -> can't run anything locally which requires secrets🥲
AWS outage -> 1password thinks it's offline -> can't run anything locally which requires secrets🥲
October 20, 2025 at 4:45 PM
for better security: I use 1password cli with direnv to dynamically load env values (ssh keys, tokens, secrets, etc ...)
AWS outage -> 1password thinks it's offline -> can't run anything locally which requires secrets🥲
AWS outage -> 1password thinks it's offline -> can't run anything locally which requires secrets🥲
Reposted by Ahmad Nassri
Recognition for Sarah! So deserved! @sarahgooding.bsky.social
October 16, 2025 at 2:50 PM
Recognition for Sarah! So deserved! @sarahgooding.bsky.social
Join me next week at the @workos.bsky.social Enterprise Ready Conf. will be speaking on a panel on all things security & how developers can take back control of their software supply chain.
If you're attending, lchat with me & the @socket.dev team IRL!
enterprise-ready.com
If you're attending, lchat with me & the @socket.dev team IRL!
enterprise-ready.com
October 15, 2025 at 3:16 PM
Join me next week at the @workos.bsky.social Enterprise Ready Conf. will be speaking on a panel on all things security & how developers can take back control of their software supply chain.
If you're attending, lchat with me & the @socket.dev team IRL!
enterprise-ready.com
If you're attending, lchat with me & the @socket.dev team IRL!
enterprise-ready.com
@bun.sh users can now install any package with confidence, knowing that @socket.dev got their back!
Free from malicious packages, typosquatting, and other supply chain attacks.
socket.dev/blog/socket-...
Free from malicious packages, typosquatting, and other supply chain attacks.
socket.dev/blog/socket-...
Socket Integrates With Bun 1.3’s Security Scanner API - Sock...
Socket now integrates with Bun 1.3’s Security Scanner API to block risky packages at install time and enforce your organization’s policies in local de...
socket.dev
October 10, 2025 at 10:36 PM
@bun.sh users can now install any package with confidence, knowing that @socket.dev got their back!
Free from malicious packages, typosquatting, and other supply chain attacks.
socket.dev/blog/socket-...
Free from malicious packages, typosquatting, and other supply chain attacks.
socket.dev/blog/socket-...
Supply chain attacks are evolving and so should your security practices.
case-in-point: Beamglea - a campaign that turns npm 💔 into a phishing-as-a-service platform
This isn't your typical supply chain attack. It's infrastructure weaponization.
socket.dev/blog/175-mal...
case-in-point: Beamglea - a campaign that turns npm 💔 into a phishing-as-a-service platform
This isn't your typical supply chain attack. It's infrastructure weaponization.
socket.dev/blog/175-mal...
175 Malicious npm Packages Host Phishing Infrastructure Targ...
175 malicious npm packages (26k+ downloads) used unpkg CDN to host redirect scripts for a credential-phishing campaign targeting 135+ organizations wo...
socket.dev
October 10, 2025 at 12:34 PM
Supply chain attacks are evolving and so should your security practices.
case-in-point: Beamglea - a campaign that turns npm 💔 into a phishing-as-a-service platform
This isn't your typical supply chain attack. It's infrastructure weaponization.
socket.dev/blog/175-mal...
case-in-point: Beamglea - a campaign that turns npm 💔 into a phishing-as-a-service platform
This isn't your typical supply chain attack. It's infrastructure weaponization.
socket.dev/blog/175-mal...
Happy to share I'm getting back to my roots in open source, this time around on the side of protecting software development!
If you haven't yet, you should install @socket.dev for your team!
If you haven't yet, you should install @socket.dev for your team!
October 6, 2025 at 9:39 PM
Happy to share I'm getting back to my roots in open source, this time around on the side of protecting software development!
If you haven't yet, you should install @socket.dev for your team!
If you haven't yet, you should install @socket.dev for your team!
Reposted by Ahmad Nassri
🚨 npm phishing alert!
Attackers are sending emails from spoofed support@npmjs.org addresses linking to a typosquatted clone site (npnjs.com) to steal credentials. This attack is designed to hijack npm accounts. Careful with those email links: socket.dev/blog/npm-phi... #nodejs #JavaScript
Attackers are sending emails from spoofed support@npmjs.org addresses linking to a typosquatted clone site (npnjs.com) to steal credentials. This attack is designed to hijack npm accounts. Careful with those email links: socket.dev/blog/npm-phi... #nodejs #JavaScript
July 18, 2025 at 8:20 PM
🚨 npm phishing alert!
Attackers are sending emails from spoofed support@npmjs.org addresses linking to a typosquatted clone site (npnjs.com) to steal credentials. This attack is designed to hijack npm accounts. Careful with those email links: socket.dev/blog/npm-phi... #nodejs #JavaScript
Attackers are sending emails from spoofed support@npmjs.org addresses linking to a typosquatted clone site (npnjs.com) to steal credentials. This attack is designed to hijack npm accounts. Careful with those email links: socket.dev/blog/npm-phi... #nodejs #JavaScript
get some perspective.
2 million people, surrounded by walls and the sea, under a 17+ year blockade.
what if it was in your city?
#GazaAttack #Gaza #GazaEverywhere
ahmadnassri.github.io/gaza-everywh...
2 million people, surrounded by walls and the sea, under a 17+ year blockade.
what if it was in your city?
#GazaAttack #Gaza #GazaEverywhere
ahmadnassri.github.io/gaza-everywh...
October 16, 2023 at 3:51 PM
get some perspective.
2 million people, surrounded by walls and the sea, under a 17+ year blockade.
what if it was in your city?
#GazaAttack #Gaza #GazaEverywhere
ahmadnassri.github.io/gaza-everywh...
2 million people, surrounded by walls and the sea, under a 17+ year blockade.
what if it was in your city?
#GazaAttack #Gaza #GazaEverywhere
ahmadnassri.github.io/gaza-everywh...
what's with the recent explosion of PMP certification spam on LinkedIn ????
August 18, 2023 at 2:13 PM
what's with the recent explosion of PMP certification spam on LinkedIn ????
I'm starting to document some of my fundamental learnings in this industry in writing ... took a first stab at some of it in a guesr post at Unified's blog (disclaimer: I'm an advisor)
next post will be about TCO & MVP architecture needs for startups
next post will be about TCO & MVP architecture needs for startups
Ask a CTO - Building your technology investment strategy
August 10, 2023
unified.to
August 10, 2023 at 8:34 PM
I'm starting to document some of my fundamental learnings in this industry in writing ... took a first stab at some of it in a guesr post at Unified's blog (disclaimer: I'm an advisor)
next post will be about TCO & MVP architecture needs for startups
next post will be about TCO & MVP architecture needs for startups
the staggering amount of over-engineering, horrible leadership, and clueles product owners I've seen after ~3 years of being a Fractional CTO really makes me question this entire career / industry...
if I had to do it all over again, I'd probably go into banking or law ...
if I had to do it all over again, I'd probably go into banking or law ...
July 26, 2023 at 12:06 PM
the staggering amount of over-engineering, horrible leadership, and clueles product owners I've seen after ~3 years of being a Fractional CTO really makes me question this entire career / industry...
if I had to do it all over again, I'd probably go into banking or law ...
if I had to do it all over again, I'd probably go into banking or law ...
normal 🧠: need to update a single DNS record for my domain
dev 🧠: now is the right time to migrate 50+ domains from Google Domains to CloudFlare AND do a full Terraform automation pipeline on GH Actions to manage them all!
dev 🧠: now is the right time to migrate 50+ domains from Google Domains to CloudFlare AND do a full Terraform automation pipeline on GH Actions to manage them all!
July 25, 2023 at 5:20 PM
normal 🧠: need to update a single DNS record for my domain
dev 🧠: now is the right time to migrate 50+ domains from Google Domains to CloudFlare AND do a full Terraform automation pipeline on GH Actions to manage them all!
dev 🧠: now is the right time to migrate 50+ domains from Google Domains to CloudFlare AND do a full Terraform automation pipeline on GH Actions to manage them all!
