JFrog recently released its 2025 Software Supply Chain State of the Union Report, revealing significant security challenges facing software supply chains amidst the rapid advancement of artificial intelligence (AI). The report, based on a survey of over 1400 professionals and data analysis from over 7000 clients, paints a concerning picture of the current security landscape.
The report highlights a sharp increase in software supply chain vulnerabilities over the past year. Cases of “secret” or confidential information exposure increased by 64%, reaching a staggering 25,229 instances. This data suggests that as businesses become more reliant on machine learning (ML) models, security risks are also escalating. While 94% of companies claim to use certified inventories to manage ML models, 37% still rely on manual verification methods, significantly increasing security vulnerabilities.
Furthermore, the number of newly added security vulnerabilities (CVEs) in 2024 reached 33,000, a 27% increase from 2023. Concerningly, only 12% of CVEs were confirmed to be truly “critical,” possibly indicating a scoring system inflation and leading to unnecessary remediation pressure and developer burnout.
JFrog's CTO, Yoav Landman, points out that while many organizations are actively adopting public ML models to drive innovation, the lack of automated toolchains and governance processes makes security management increasingly complex. He urges businesses to accelerate their automation transformation in the rapidly evolving AI environment to ensure both enhanced innovation and robust software security.
Overall, current software supply chain security issues represent not only technical challenges but also a test of enterprise management and operational practices. In the age of AI, establishing more robust security measures has become a critical task for all businesses.
