157 malware reports were withdrawn from the OSV database after maintainers concluded the submissions were likely automated false positives, highlighting a fresh trust problem in open-source security feeds.
The pullback came a day after a CrowdStrike-led operation with Google and Shadowserver disrupted all four GlassWorm command-and-control channels tied to hundreds of poisoned repositories and trojanized developer packages.
That contrast underscored two parallel risks for software supply chains: attackers can quickly reappear after takedowns, while bad automated reports can spread through dependency scanners, CI checks, SBOM tools and internal policy systems.
FastAPI v0.136.3 was among the falsely flagged packages, showing how even short-lived errors can delay deployments, disrupt CI/CD pipelines and consume analyst and developer time.
Analysts said takedowns buy time rather than eradicate threats, pushing defenders toward rapid post-takedown scanning, tighter segmentation and tools that reduce reliance on noisy AI-generated reporting.
With AI creating both sophisticated malware and false alerts, how can defenders win the signal-versus-noise war?
Takedowns are temporary. How can we fix the deep-rooted identity and trust flaws in open-source ecosystems?
As malware uses blockchains for command and control, are traditional cybersecurity takedowns now obsolete?
157 False Malware Reports and the GlassWorm Botnet: Lessons from the May 2026 Open Source Supply Chain Crisis
Overview
On May 26, 2026, the Open Source Vulnerability (OSV) database withdrew 157 reports of malicious packages after an automated detection source, Amazon Inspector, mistakenly flagged trusted npm and PyPI packages as malware. The root cause was an automated ingestion pipeline, added in October 2025, that fed Amazon Inspector reports directly into OSV's malware records without any human validation step. Because downstream tools treat an OSV malware record as a confirmed finding, the false positives propagated within hours into security scanners, CI/CD pipelines and other development tooling that consume the feed. The incident shows the risk of letting a single unvalidated automated source write directly into a trust anchor that many other systems act on without question.
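The failure described above is a missing gate between an automated feed and a blocking decision. The following is an added example (not OSV's, Amazon Inspector's or any vendor's code) of a consumer-side triage step that a CI check could run over OSV-format malware records before failing a build. It keeps the field names `id`, `affected[].package.{ecosystem,name}` and `affected[].versions` from the public OSV schema; the `database_specific.sources` and `database_specific.reviewed_by` fields, the `MAL-2026-*` identifiers, the package names other than fastapi and the sample records themselves are constructed for the example. The naive gate reproduces the pattern that failed (any matching record blocks); the validated gate blocks only on records that are corroborated by at least two independent feeds or explicitly human-reviewed, and routes single-source automated records to a review queue instead of breaking the pipeline.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    BLOCK = "block"    # fail the build
    REVIEW = "review"  # keep the build green, route the record to a human
    PASS = "pass"


@dataclass(frozen=True)
class Dependency:
    ecosystem: str  # "PyPI", "npm", ... as spelled in the OSV schema
    name: str
    version: str


def record_matches(record, dep):
    """True if an OSV record names this package and version.

    `affected`, `package.ecosystem`, `package.name` and `versions` are OSV
    schema fields. An entry with no `versions` list is treated here as
    covering every version of the package (an assumption of this example).
    """
    for aff in record.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("ecosystem") != dep.ecosystem or pkg.get("name") != dep.name:
            continue
        versions = aff.get("versions")
        if not versions or dep.version in versions:
            return True
    return False


def naive_gate(records, dep):
    """The pattern that failed in the OSV incident: any matching record,
    whatever produced it, is treated as confirmed malware and blocks."""
    for rec in records:
        if record_matches(rec, dep):
            return Verdict.BLOCK, rec["id"]
    return Verdict.PASS, None


def validated_gate(records, dep, min_sources=2):
    """Block only on corroborated or human-reviewed records.

    `database_specific.sources` (which feeds produced the record) and
    `database_specific.reviewed_by` are fields assumed for this example;
    the OSV schema only defines `database_specific` as free-form JSON.
    A record seen by one automated feed and nobody else yields REVIEW:
    it is surfaced and queued, but does not fail the build.
    """
    worst = (Verdict.PASS, None)
    for rec in records:
        if not record_matches(rec, dep):
            continue
        meta = rec.get("database_specific", {})
        sources = set(meta.get("sources", []))
        reviewed = bool(meta.get("reviewed_by"))
        if reviewed or len(sources) >= min_sources:
            return Verdict.BLOCK, rec["id"]
        worst = (Verdict.REVIEW, rec["id"])
    return worst


def check_lockfile(records, deps, gate=validated_gate):
    """Apply a gate to every resolved dependency of a build.
    Returns {(ecosystem, name, version): (Verdict, record id or None)}."""
    return {(d.ecosystem, d.name, d.version): gate(records, d) for d in deps}


# Constructed sample records (not real OSV entries).
RECORDS = [
    {   # one automated feed, no human review: the false-positive shape
        "id": "MAL-2026-0001",
        "affected": [{"package": {"ecosystem": "PyPI", "name": "fastapi"},
                      "versions": ["0.136.3"]}],
        "database_specific": {"sources": ["scanner-a"]},
    },
    {   # two independent feeds agree on the same version
        "id": "MAL-2026-0002",
        "affected": [{"package": {"ecosystem": "npm", "name": "example-trojan-pkg"},
                      "versions": ["1.2.3"]}],
        "database_specific": {"sources": ["scanner-a", "scanner-b"]},
    },
    {   # one feed, but a human confirmed it; no version list = all versions
        "id": "MAL-2026-0003",
        "affected": [{"package": {"ecosystem": "PyPI", "name": "example-dropper"}}],
        "database_specific": {"sources": ["scanner-b"], "reviewed_by": "triage-team"},
    },
]

# Constructed lockfile contents.
DEPS = [
    Dependency("PyPI", "fastapi", "0.136.3"),
    Dependency("npm", "example-trojan-pkg", "1.2.3"),
    Dependency("PyPI", "example-dropper", "0.4.0"),
    Dependency("PyPI", "example-clean-lib", "2.0.1"),
]

if __name__ == "__main__":
    for key, (verdict, rec_id) in check_lockfile(RECORDS, DEPS).items():
        tag = f" ({rec_id})" if rec_id else ""
        print(f"{key[0]}/{key[1]}@{key[2]}: {verdict.value}{tag}")
```

Under the naive gate the constructed fastapi record fails the build outright; under the validated gate it becomes a REVIEW item, while the corroborated npm record and the human-reviewed record still block. The corroboration threshold and the review queue are policy choices; the point is that a single automated feed is an input to a decision, not the decision itself.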