According to a recent LinkedIn post from Semgrep, the company is drawing attention to a security incident involving PyTorch Lightning versions 2.6.2 and 2.6.3, which the post says were compromised with Shai-Hulud malware. The post notes that Semgrep Supply Chain customers received a detection rule on April 30, 2026, and are directed to an advisory panel to assess potential exposure.
The LinkedIn post further advises affected users to rotate GitHub tokens, cloud credentials, and API keys, and to audit repositories for unexpected files in specific directories. For investors, this activity suggests ongoing demand for Semgrep’s supply-chain security capabilities and may reinforce its positioning in the software supply-chain risk market, though it also underscores the persistent and evolving nature of vulnerabilities in widely used AI and ML tooling.

