Once again, security risks dominate the software supply chain. JFrog emphasizes this in the recently published Software Supply Chain State of the Union 2025 report. A quartet of problems presents itself: vulnerabilities, malicious packages, exposed secrets and misconfigurations or human error.
The software supply chain is a link in modern IT environments that is as crucial as it is vulnerable. The new research report by JFrog, released during KubeCon + CloudNativeCon Europe in London, shows that organizations are struggling with increasing threats that are amplified by, how could it be otherwise, the rise of AI.
The JFrog Software Supply Chain State of the Union report combines insights from more than 1,400 developers, security and operations professionals from the US, UK, France, Germany, India and Israel, supplemented with usage data from JFrog’s 7,000+ customers and original CVE analysis by the JFrog Security Research team.
Quadruple threat to software integrity
The report identifies a “quad-fecta” of threats to the integrity and security of the software supply chain: vulnerabilities (CVEs), malicious packages, exposed secrets and configuration errors/human error. JFrog’s research team detected no fewer than 25,229 exposed secrets and tokens in public repositories – an increase of 64% compared to last year. Worryingly, 27% of these exposed secrets were still active.
This interwoven set of security dangers makes it particularly difficult for organizations to keep their digital walls consistently in order. Previous research (including by JFrog itself) has already shown that supply chain risks are a growing problem for companies, with the inherent complexity of growing IT systems as a fundamental problem.
Explosive growth of AI models and attacks
One of the latest (and at the same time unfortunately predictable) findings is the explosive growth of risks by and for AI. In 2024, more than 1 million new AI models and datasets were added to Hugging Face. The increase among malicious models was enormous: 6.5 times from 2023 to 2024.
The report shows that 94% of organizations maintain certified lists of approved AI models to monitor how developers use ML artifacts. However: 37% of companies still rely on manual efforts to compile and maintain these lists, raising concerns about the accuracy and consistency of AI model security.
Too many security tools, too little visibility
Almost three-quarters (73%) of the professionals in the survey use seven or more security or supply chain security solutions, while 49% say they use ten or more tools. Paradoxically, this proliferation of security tools makes it more difficult to secure effectively.
“More is not always better,” the report states. The collection of tools can make organizations more vulnerable due to increased complexity for developers. At the same time, visibility in the programming code remains a problem: only 43% of IT professionals say that their organization applies security scans at both the code and binary level. This is a decrease from 56% compared to last year and indicates that teams still have large blind spots when identifying software risks.
Open source remains a risk factor
More than 70% of developers download packages directly from public repositories – a risky practice that can expose an entire organization to attacks via a single developer machine. At the same time, the number of critical vulnerabilities continues to rise. In 2024, nearly 33,000 new CVEs were reported worldwide, an increase of 27% compared to 2023.
Fellow researcher Anchore also sounded the alarm regarding supply chain security. Research published at the end of 2024 showed that only one in five organizations has a good understanding of their software supply chain and that most companies do not know which components and dependencies are included in their solutions.
CVE scores misleading
Another finding is very familiar to us, which is that CVE scores can often be misleading. JFrog’s security researchers discovered that only 12% of the highly profiled CVEs that were rated as “critical” (CVSS between 9.0-10.0) were actually exploitable and posed a risk to development environments. We have already indicated that vulnerabilities with relatively mediocre scores in cooperation actually pose the greatest potential risks, not the most severe privilege escalation or RCE dangers, which are the most destructive on paper in isolation.
The allegation from JFrog in this area to some other parties is rather serious. “We uncovered a clear pattern by CVE scoring organizations to inflate scores and cause an unnecessary level of panic in the industry, sending developers scrambling on remediation efforts that oftentimes end up being a waste of their cognitive and professional time,” said Shachar Menashe, Vice President of Security Research. “When DevSecOps teams are forced to remediate vulnerabilities that aren’t ultimately harmful, their everyday workflows are disrupted, which can lead to developer burnout and costly mistakes.”