Ahead of KubeCon + CloudNativeCon EU 2026 in Amsterdam, VMblog sat down with Paul Horton, Principal Sales Engineer at Sonatype, to dig into one of the most pressing challenges facing cloud-native development teams today: how do you move fast without dragging security debt along for the ride? Paul breaks down the three critical friction points he's seeing in the trenches right now — the AI paradox, the growing visibility gap in software supply chains, and the "security tax" that's draining developer productivity. With Sonatype's 2026 research revealing that AI coding agents are hallucinating non-existent packages or selecting malicious dependency versions nearly 28% of the time, the stakes have never been higher. In this interview, Paul walks through how Sonatype's platform — backed by 20+ years of curated open source intelligence, operation of Maven Central, and AI/ML risk analysis across 270 million+ components — delivers real-time, actionable security insights that go far beyond what the National Vulnerability Database can offer. You'll also get an exclusive live demo showing Sonatype's MCP server integrated directly into an AI coding assistant, catching a known malicious package hijack in real time — the kind of threat that no AI model trained on stale data could ever detect on its own. Plus, find out what Sonatype has planned for the KubeCon expo floor, including their buzzy activation zone featuring two full bowling alleys designed to drive home one simple message: keep your AI out of the gutter. 
Key topics covered:

* Why AI coding assistants introduce dangerous open source risk
* The 2025 National Vulnerability Database funding crisis and its lasting impact
* How Sonatype delivers vulnerability intelligence 10x faster than the NVD
* Real-world customer results from a global financial services firm
* Live demo: Sonatype Guide MCP server + Claude catching a supply chain attack
* Sonatype's 2026 roadmap toward autonomous supply chain management

Find Sonatype at KubeCon EU 2026 at booths 688 and 860, or visit sonatype.com and guide.sonatype.com to explore their tools for free.