AI that recommends dependency upgrades without checking the actual registry creates a dangerous situation. New research shows that 27.76 percent of such recommendations refer to versions that do not even exist. That is a large number of fictitious versions, each of which costs developers valuable time.
This is according to figures from Sonatype. The problem goes beyond mere hallucinations. AI can also recommend existing but dangerous versions. Think of vulnerable software, malware, or packages that fall outside company policy. For developers, this results in broken pipelines and a loss of confidence in automation.
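The failure mode described above (a recommended version that does not exist, is yanked, or is disallowed by policy) is cheap to catch before an upgrade reaches a pipeline. The following is an added example, not code from Sonatype or from the article: a small gate that takes exact pins of the form `name==version`, checks each against registry metadata in the shape of PyPI's JSON API (`https://pypi.org/pypi/<name>/json`, whose `releases` mapping lists every published version and flags yanked files), and then applies an organisation's own blocklist. The registry contents and the policy table are constructed inline so the example runs offline; the `fetch` parameter is an assumed hook for swapping in a live lookup.

```python
"""Validate AI-suggested dependency upgrades against registry data and policy.

Added example. The registry data and the policy table below are constructed
stand-ins; the metadata shape mirrors PyPI's JSON API ("releases" keyed by
version, each file carrying a "yanked" flag).
"""
import json
import re
import urllib.request
from typing import Callable, List, Optional

# Constructed registry snapshot (not real PyPI data) in the JSON API's shape.
_FAKE_REGISTRY = {
    "requests": {
        "releases": {
            "2.31.0": [{"yanked": False}],
            "2.32.3": [{"yanked": False}],
            "2.32.0": [{"yanked": True}],   # published, then yanked by the maintainer
        }
    },
    "urllib3": {
        "releases": {
            "1.26.18": [{"yanked": False}],
            "2.2.2": [{"yanked": False}],
        }
    },
}

# Constructed policy: (package, version) pairs an organisation has decided not to allow.
_BLOCKED = {
    ("urllib3", "1.26.18"): "1.x line is outside the supported-version policy",
}

# Only exact pins are accepted: a range cannot be checked for existence.
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.+!-]*)\s*$")


def fetch_metadata_offline(name: str) -> Optional[dict]:
    """Offline stand-in for a registry lookup; returns None for unknown packages."""
    return _FAKE_REGISTRY.get(name.lower())


def fetch_metadata_pypi(name: str, timeout: float = 10.0) -> Optional[dict]:
    """Live lookup against PyPI's JSON API (not exercised in the offline run)."""
    url = f"https://pypi.org/pypi/{name}/json"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return json.load(resp)
    except Exception:
        return None


def check_upgrade(line: str, fetch: Callable[[str], Optional[dict]] = fetch_metadata_offline) -> dict:
    """Return {"line", "ok", "reason"} for one suggested pin."""
    m = _PIN_RE.match(line)
    if not m:
        return {"line": line, "ok": False, "reason": "not an exact pin (name==version)"}
    name, version = m.group(1).lower(), m.group(2)

    meta = fetch(name)
    if meta is None:
        return {"line": line, "ok": False, "reason": "package not found in registry"}

    releases = meta.get("releases", {})
    if version not in releases:
        # The classic hallucination: a plausible-looking version nobody ever published.
        return {"line": line, "ok": False,
                "reason": "version does not exist in registry (likely hallucinated)"}

    files = releases[version]
    if not files or all(f.get("yanked", False) for f in files):
        return {"line": line, "ok": False, "reason": "release is yanked"}

    if (name, version) in _BLOCKED:
        return {"line": line, "ok": False,
                "reason": "blocked by policy: " + _BLOCKED[(name, version)]}

    return {"line": line, "ok": True, "reason": "exists, not yanked, allowed by policy"}


def gate(suggestions: List[str], fetch=fetch_metadata_offline) -> List[dict]:
    """Check every suggested pin; callers should fail the pipeline if any is not ok."""
    return [check_upgrade(s, fetch) for s in suggestions]


if __name__ == "__main__":
    # Constructed sample of AI-suggested upgrade lines.
    for result in gate(["requests==2.32.3", "requests==2.99.0", "requests==2.32.0",
                        "urllib3==1.26.18", "leftpad==1.0.0", "requests>=2"]):
        print("OK  " if result["ok"] else "FAIL", result["line"], "-", result["reason"])
```

Wiring `gate()` into a pre-merge check turns the statistic above into a hard stop: a nonexistent version fails with a clear reason instead of surfacing later as a broken resolver run, and the policy table is where an organisation records the existing-but-disallowed versions the article mentions.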
Registries such as Maven Central, PyPI, npm, and NuGet currently process 9.8 trillion downloads per year. The top three cloud providers generate more than 108 billion requests on Maven Central alone.
Attackers take advantage of vulnerabilities
In 2025, 454,648 new malicious packages were logged worldwide. The total since 2019 is now over 1.233 million. According to Sonatype, this shows continued pressure on ecosystems that were originally designed to be open and accessible.
At the same time, 65 percent of open source CVEs lack an NVD-assigned CVSS score. This missing data is not neutral. It creates chaos when prioritizing risks, slows down upgrades, and leaves teams guessing about what is really important.