Software supply chain attacks and the abuse of AI plug-in ecosystems are presenting new opportunities for credential theft and exploitation. Cloud misconfigurations and global policy moves around AI tooling underline the urgent need for improved monitoring, key management, and vendor vetting. Defenders should pay special attention to development environment plugins and open-source dependencies.