Three weeks ago, OpenAI confirmed what many in the security community already suspected: two of its employees had their devices compromised through a supply chain attack on TanStack, a popular open-source framework. The attackers made off with internal credentials. OpenAI is not a small business. It has dedicated security teams, strict DevOps hygiene, and resources that most companies would envy. Still, the attackers got in.
That fact should unsettle every small-business owner and IT manager who thinks supply chain security is someone else’s problem.
The numbers from 2026 make the threat concrete. Ransomware attacks against SMBs are projected to rise 40% by year’s end, according to Cobalt. Small businesses report a cyberattack every seven seconds. The average breach costs roughly $254,000 — a figure that puts survival into sharp relief, since 60% of attacked firms close within six months. Those aren’t abstract statistics. They’re the beginning of a conversation about whether your business can absorb that kind of loss.
But the more significant shift in 2026 isn’t the volume of attacks. It’s the target selection and the methods. SMBs now account for 43% of all cyberattacks, per recent industry surveys. And the attack on SAP’s npm ecosystem in late April — a campaign researchers dubbed “Mini Shai-Hulud” — shows exactly how threat actors are exploiting the smaller, less-defended perimeter.
How the SAP Attack Worked — and Why It Matters for Your Business
On April 29, 2026, four official npm packages from SAP’s development ecosystem were republished with malicious versions. For roughly two to four hours, anyone running npm install against the wrong version pulled a credential-stealing payload. Researchers found references to the campaign in over 1,000 GitHub repositories — each one a developer’s project, recently poisoned without their knowledge.
The mechanism was a preinstall script embedded in the malicious package. When a developer ran npm install, the script executed silently, in the background, harvesting credentials from the local environment. No zero-day exploit. No sophisticated vulnerability. Just a trusted package, briefly compromised, doing exactly what it was designed to do.
This is the supply chain attack model: compromise the tool, not the target. One successful poisoning can yield hundreds of downstream infections. The attacker invests once; the payoff multiplies across every organization that pulls the poisoned package.
For a small business that relies on open-source dependencies — which is to say, almost all of them — this means your security posture is partially determined by maintainers you’ve never met, at companies you’ve never heard of, whose CI/CD pipelines you’ve never audited. You inherit their risk.
The NIST Backlog Problem Made This Worse
April 2026 brought another quiet shift that compounds the problem. NIST’s National Vulnerability Database, the canonical source that most organizations rely on for CVE information, formally gave up on enriching the long tail of older vulnerabilities. As of mid-April, approximately 29,000 legacy CVEs are now marked “Not Scheduled” — not because they’re resolved, but because NIST no longer has the resources to process them.
New submissions in Q1 2026 ran about a third higher than the same period last year. The NVD is working faster than ever, but falling further behind. Only an estimated 15 to 20 percent of new CVEs receive full enrichment now. That means the detailed analysis, the severity scoring, the context that helps teams prioritize — it’s missing for the majority of newly published vulnerabilities.
For a small business that relies on automated vulnerability scanning, this creates a dangerous gap. Your scanner may flag thousands of CVEs without the context to know which ones are actually exploitable in your environment. You’re flying partially blind just when attackers are getting more sophisticated.
AI: Accelerating Both Attacks and (Some) Defenses
The security community has spent years warning that AI would lower the barrier for threat actors. In 2026, that warning is materializing. Agents are now deploying fully autonomous attack campaigns with no human operator steering the intrusion. Ransomware groups are using AI to identify vulnerable supply chain links faster, to craft convincing phishing content, and to adapt in real time when a lure gets burned.
But AI cuts both ways. The same models that generate convincing social engineering content are being integrated into security tooling — automated threat hunting, anomaly detection tuned to your specific network traffic, and incident response that starts containment before a human analyst finishes reading the first alert. The organizations making progress on defense are the ones treating AI as a force multiplier for their existing team, not a magic solution.
What Small Businesses Can Actually Do
This is where the advice gets uncomfortable, because there is no single fix. Supply chain security requires discipline across multiple layers.
Audit your dependency tree. Most small businesses have more open-source packages in their projects than they’d estimate. Run npm audit or its equivalent regularly. Pin your package versions and review your package-lock.json — don’t let your CI/CD pull unchecked updates from registries you trust by default.
Implement a software bill of materials. A SBOM sounds like enterprise bureaucracy, but the cost of generating one has dropped dramatically. Knowing exactly what you’ve pulled in is the prerequisite for knowing what’s been compromised when the next advisory drops.
Rotate credentials regularly, especially within CI/CD pipelines. The SAP attack harvested developer credentials. Long-lived tokens, unused service accounts, and old deploy keys are the quiet accumulation of technical debt that becomes a breach vector.
Prioritize by exploitability, not just severity scores. With 80% of new CVEs arriving without full NVD enrichment, you need to make your own prioritization calls. If a CVE has a known proof-of-concept exploit in the wild, treat it as critical regardless of what the official score says.
Apply the principle of least privilege to your vendor relationships. The attack on OpenAI started with two employee devices. That means the initial access path didn’t require hacking the company — just one person’s workstation. Your vendors are an extension of your attack surface. Know what access they’ve been granted and why.
The Quiet Threat You Don’t See
The hardest part of supply chain risk is that it moves through channels you don’t control and often don’t monitor. You’re trusting that the SAP developer who republished those npm packages had secure credentials. You’re trusting that the TanStack maintainer’s account wasn’t phished. You’re trusting that the Cemu project’s GitHub builds were properly secured — and 20,000 Linux users learned the hard way that those trusts were misplaced.
Supply chain attacks are not new. What’s new in 2026 is the combination of AI-accelerated exploitation, an overwhelmed NVD, and threat actors specifically targeting the smaller, less-defended organizations in the chain. The attackers have made the math work in their favor: small businesses are profitable targets precisely because they can’t afford dedicated security teams, but they depend heavily on open-source tooling and vendor software that the attackers can compromise at scale.
The good news is that most supply chain attacks have a window. The SAP packages were malicious for two to four hours. If your monitoring is fast enough, you can catch the infection before it spreads. The question is whether your team will be looking when that window opens.
