
AI Software Supply Chain Threats Escalate in 2026 

JFrog warns that AI-driven development is accelerating software supply chain threats faster than many organizations can secure them.

Written by Ken Underhill, May 28, 2026

Artificial intelligence is rapidly transforming software development, but new research from JFrog suggests security teams are struggling to keep pace with the risks that come with it. 

The Software Supply Chain Security State of the Union 2026 report found that AI-driven development is accelerating malicious package activity, insecure AI tooling, and software supply chain governance gaps across enterprises. 

“AI has not only changed how software is written; it has also increased the speed and scale at which zero-day vulnerabilities are exploited, and malicious software supply chain attacks are developed and distributed,” said Yoav Landman, CTO and Co-Founder of JFrog.

Key Takeaways of the Software Supply Chain Security Report

  • AI-driven software development is accelerating software supply chain risks faster than many organizations can govern or secure them effectively.
  • Researchers identified nearly 500 malicious AI models in public registries capable of credential theft, remote code execution, and system compromise.
  • Malicious npm package activity surged 451% in 2025, highlighting the growing scale of attacks targeting trusted developer ecosystems.
  • Attackers are increasingly shifting upstream into developer tools, CI/CD pipelines, AI coding assistants, and IDE extensions.
  • Many organizations still struggle with vulnerability prioritization and governance gaps surrounding AI-assisted development workflows.

How AI-Driven Supply Chain Risk Is Evolving

The findings show that traditional software supply chain controls are struggling to keep pace with AI-driven development tools and rapidly expanding software dependencies. 

According to the report, 53% of organizations now pull AI models directly from public registries such as Hugging Face, where JFrog researchers identified 495 malicious AI models containing payloads capable of credential theft, malicious code execution, and remote system compromise. 
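The malicious models the report describes carry payloads that run when the file is loaded. One defensive check a team pulling models from public registries can apply is to inspect a serialized file statically before deserializing it. The example below is added here and is not JFrog's tooling or code from the report; it assumes the model is a Python pickle (a common but not universal serialization format) and uses a constructed allowlist of import targets (`ALLOWED_GLOBALS`) that a real deployment would replace with the helpers its framework actually needs. It walks the opcode stream with `pickletools.genops`, which parses without executing, and reports every module attribute the file would import and how many call-style opcodes it contains.

```python
import pickletools
from typing import Dict, List, Tuple

# Illustrative allowlist of import targets a model loader might legitimately
# need. Constructed for this example; derive a real one from the framework
# in use rather than copying this list.
ALLOWED_GLOBALS = {
    "collections.OrderedDict",
    "numpy.core.multiarray._reconstruct",
    "numpy.ndarray",
    "numpy.dtype",
}

# Opcodes that push a string onto the unpickler stack.
STRING_OPS = {
    "STRING", "BINSTRING", "SHORT_BINSTRING",
    "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}
# Opcodes that invoke a callable during unpickling; a payload needs one of
# these (plus an import) to run anything.
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data: bytes) -> Dict[str, object]:
    """Statically list what a pickle would import and call, without loading it.

    Returns the fully qualified names referenced by GLOBAL/STACK_GLOBAL
    opcodes (with byte offsets), the number of call-style opcodes, the
    references that are not on the allowlist, and a safe_to_load verdict.
    """
    globals_seen: List[Tuple[str, int]] = []
    calls = 0
    recent_strings: List[str] = []      # last string values pushed, in order
    memo: Dict[int, object] = {}        # memo slot -> string value (if a string)
    memo_count = 0                      # slot counter for the MEMOIZE opcode
    prev_string = None                  # string pushed by the preceding opcode, if any

    for op, arg, pos in pickletools.genops(data):
        name = op.name
        pushed = None
        if name in STRING_OPS:
            pushed = arg
            recent_strings.append(arg)
        elif name == "MEMOIZE":
            # MEMOIZE stores the top of stack without popping it.
            memo[memo_count] = prev_string
            memo_count += 1
            pushed = prev_string
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = prev_string
            pushed = prev_string
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            value = memo.get(arg)
            pushed = value
            if isinstance(value, str):
                recent_strings.append(value)
        elif name == "GLOBAL":
            # pickletools renders the two newline-terminated fields as "module name".
            module, attr = arg.split(" ", 1)
            globals_seen.append((f"{module}.{attr}", pos))
        elif name == "STACK_GLOBAL":
            # Protocol 4+: module and attribute name are the two strings below it.
            if len(recent_strings) >= 2:
                module, attr = recent_strings[-2], recent_strings[-1]
                globals_seen.append((f"{module}.{attr}", pos))
            else:
                globals_seen.append(("<unresolved>", pos))
        elif name in CALL_OPS:
            calls += 1
        prev_string = pushed

    disallowed = [g for g, _ in globals_seen if g not in ALLOWED_GLOBALS]
    return {
        "globals": globals_seen,
        "call_opcodes": calls,
        "disallowed": disallowed,
        "safe_to_load": not disallowed,
    }


if __name__ == "__main__":
    import pickle
    # Constructed inputs: a plain weights dict, and a pickle that references a
    # builtin function (harmless here, but exactly the opcode pattern a payload uses).
    for label, blob in [("weights", pickle.dumps({"w": [0.1, 0.2]}, protocol=4)),
                        ("function-ref", pickle.dumps(len, protocol=4))]:
        print(label, scan_pickle(blob))
```

The verdict is an allowlist decision, not a signature match: any import target the loader does not need is a reason to reject the file, whether or not it looks malicious. Formats that are not pickle (safetensors, for example) need a different check, and a clean scan does not substitute for provenance and signing on the artifact itself.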

At the same time, software supply chains continue to grow at a massive scale. 

JFrog found that 11.7 million new packages entered enterprise software supply chains in 2025, representing a 67% increase over the previous year.

The report also documented a sharp rise in malicious package activity. 

Malicious npm packages surged 451% in 2025, reaching more than 171,000 unique malicious packages. 

Several large-scale software supply chain campaigns resulted in more than two million compromised downloads, underscoring how attackers increasingly target trusted development ecosystems to distribute malware at scale.


Attackers Shift Upstream Into Developer Environments 

Researchers noted that many organizations still lack consistent governance over AI coding assistants, IDE extensions, and Model Context Protocol (MCP) servers.

Attackers are increasingly targeting developer workflows and CI/CD environments instead of relying solely on traditional malware or compromised open-source packages. 

JFrog documented multiple attacks involving compromised IDE extensions, malicious AI models, and vulnerable MCP servers containing critical remote code execution flaws.

Insecure AI-Generated Code Expands Risk 

Another major concern highlighted in the report is the rise of insecure AI-generated code. 

JFrog researchers observed increases in vulnerabilities such as XSS, SQL injection, and other injection flaws tied to insecure AI-assisted development workflows. 

As AI-generated code becomes more common, security teams may struggle to validate code quality, security, and dependency integrity at scale. 

Vulnerability Noise Complicates Risk Prioritization 

The broader vulnerability landscape is also becoming increasingly difficult for organizations to manage effectively. 

JFrog reported that more than 48,000 new CVEs were disclosed in 2025, representing a 20% year-over-year increase. 

However, researchers cautioned that many organizations are overwhelmed by vulnerability noise rather than focusing on vulnerabilities that pose meaningful real-world exploitability risks.

The report found that 96% of vulnerabilities initially rated “Critical” by the NVD were downgraded after contextual analysis, while only 12% were considered highly exploitable in enterprise environments. 

These findings suggest that many organizations may still lack effective risk prioritization processes capable of distinguishing theoretical exposure from practical operational risk.


Governance Gaps Persist Around AI Tooling 

JFrog’s findings also revealed growing governance gaps around AI tooling and development environments. 

Although 97% of surveyed organizations claimed to have certified AI model governance programs in place, 18% admitted they either lacked active governance policies for developer AI tools or failed to consistently enforce them. 

The findings suggest that some organizations still underestimate the operational and security risks of AI-enabled software supply chains. 

Reducing AI Software Supply Chain Risk 

JFrog recommends organizations adopt stronger governance and automation controls across software development pipelines, especially as AI adoption accelerates.

  • Implement automated malicious package, secrets, and AI model scanning across repositories, CI/CD pipelines, and developer tooling environments.
  • Extend governance controls to cover AI models, IDE extensions, developer assistants, and third-party software supply chain dependencies.
  • Enforce software provenance tracking, artifact signing, SBOM generation, and reproducible builds to improve software integrity and visibility.
  • Apply least privilege access controls, MFA, and environment segmentation across developer systems, repositories, and CI/CD infrastructure.
  • Continuously monitor for typosquatting, dependency confusion, unauthorized outbound connections, and suspicious activity involving build systems or AI tooling.
  • Conduct secure code reviews and validation processes for AI-generated code, third-party packages, and externally sourced AI models before deployment.
  • Regularly test incident response and supply chain security plans through tabletop exercises, red-team assessments, and CI/CD compromise simulations.
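The monitoring recommendation above names two package-level attacks, typosquatting and dependency confusion, that can be checked mechanically against a lockfile. The script below is an added example, not code from JFrog or the report. It assumes a flattened lockfile view (package name mapped to the registry URL it resolved from), a set of package names the organization publishes only to its private registry, and a short list of popular package names to compare against; all three inputs are constructed for the example. A name on the internal list that resolved from a public registry is flagged as dependency confusion, and a name within a small edit distance of a popular package is flagged as a possible typosquat.

```python
from typing import Dict, Iterable, List

# Constructed sample lockfile view: package name -> registry it resolved from.
# Not taken from any real project.
SAMPLE_LOCK = {
    "lodash": "https://registry.npmjs.org",
    "lodahs": "https://registry.npmjs.org",
    "@acme/ui-kit": "https://npm.internal.acme.example",
    "acme-auth-client": "https://registry.npmjs.org",
    "express": "https://registry.npmjs.org",
}

# Assumed: names the organization publishes only to its private registry.
INTERNAL_PACKAGES = {"@acme/ui-kit", "acme-auth-client"}
INTERNAL_REGISTRY = "https://npm.internal.acme.example"

# Constructed list of high-download names that typosquats tend to imitate.
POPULAR = ["lodash", "express", "react", "axios", "chalk", "commander"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        current = [i]
        for j, cb in enumerate(b, start=1):
            current.append(min(
                previous[j] + 1,        # delete from a
                current[j - 1] + 1,     # insert into a
                previous[j - 1] + (ca != cb),  # substitute
            ))
        previous = current
    return previous[-1]


def check_dependencies(
    lock: Dict[str, str],
    internal: Iterable[str],
    internal_registry: str,
    popular: Iterable[str],
    max_distance: int = 2,
    min_length: int = 4,
) -> List[Dict[str, str]]:
    """Flag dependency-confusion and typosquat candidates in a lockfile view."""
    internal = set(internal)
    popular = list(popular)
    findings: List[Dict[str, str]] = []
    for name, registry in lock.items():
        # Dependency confusion: an internal-only name served by another registry.
        if name in internal:
            if registry != internal_registry:
                findings.append({
                    "package": name,
                    "issue": "dependency-confusion",
                    "detail": f"internal-only name resolved from {registry}",
                })
            continue
        # Typosquatting: close to, but not equal to, a well-known name.
        # Very short names are skipped because small distances are noise there.
        if name in popular or len(name) < min_length:
            continue
        for known in popular:
            distance = levenshtein(name, known)
            if 0 < distance <= max_distance:
                findings.append({
                    "package": name,
                    "issue": "possible-typosquat",
                    "detail": f"{distance} edit(s) from '{known}'",
                })
                break
    return findings


if __name__ == "__main__":
    for finding in check_dependencies(SAMPLE_LOCK, INTERNAL_PACKAGES,
                                      INTERNAL_REGISTRY, POPULAR):
        print(f"{finding['issue']:22} {finding['package']:20} {finding['detail']}")
```

Run in CI against the real lockfile, the dependency-confusion rule is the higher-signal one and is worth failing the build on; the edit-distance rule produces candidates that need a human look, so it fits better as a review comment than a hard block. The internal-name list should come from the private registry's package index rather than a hand-maintained file, or it drifts as teams publish new packages.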

The report also noted that 48% of organizations still require a week or more to generate compliance audit evidence, indicating many organizations continue relying on manual governance processes that may not scale in AI-driven development environments.

AI Is Reshaping Supply Chain Security 

JFrog’s findings reflect a broader shift occurring across enterprise cybersecurity. 

AI is accelerating software development, but it is also increasing the speed and scale of supply chain risk. 

Security teams are now defending an ecosystem that includes AI models, automated coding tools, multi-agent frameworks, and cloud-native development pipelines.

The report suggests organizations remain overly confident in their governance maturity despite mounting evidence of exposure gaps. 

As attackers increasingly target AI tooling and software delivery pipelines, security teams need to rethink how software supply chain security is managed in the AI era.

Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.
