JFrog 2026 Report: AI Governance Gap and Rising Software Supply Chain Risks

by Daniel Perez - News Editor
0 comments

The 2026 Software Supply Chain Security State of the Union report by JFrog reveals that malicious actors are increasingly targeting AI models and developer tools, leading to a 451% surge in compromised npm packages. Organizations face a growing "illusion of mastery," as 97% of companies claim to have AI governance, yet 53% still use models from sources where malicious payloads have been identified.

Rising Risks in the AI Software Supply Chain

The integration of artificial intelligence into software development has expanded the attack surface for malicious actors. According to the JFrog 2026 report, attackers are moving beyond traditional package registries to exploit AI model registries and agent-based development tools.

Rising Risks in the AI Software Supply Chain

The data, derived from billions of artifacts managed on the JFrog platform and a survey of security and DevOps professionals, highlights a shift in tactics. Attackers are no longer just targeting source code; they are compromising the autonomous tools that write, review, and deploy that code. JFrog researchers identified 495 malicious AI models on Hugging Face and 969 malicious AI agent capabilities, alongside 56 compromised extensions on OpenVSX.

The Gap Between Perceived and Actual Security

A significant disparity exists between the security measures organizations claim to have and the reality of their infrastructure. While 97% of surveyed organizations report having certified model governance, more than half (53%) continue to self-host models from sources known to harbor malicious payloads. Furthermore, 18% of respondents lack any governance over their integrated development environments (IDE) or Model Context Protocol (MCP) servers.

This "illusion of mastery" is exacerbated by the volume of vulnerabilities. In 2025, over 48,000 new CVEs were disclosed—a 20% increase from the previous year. JFrog Security Research suggests this is partly due to AI-generated code reintroducing legacy vulnerabilities, such as Injection (CWE-74), which saw a substantial increase. Despite the volume, researchers noted that 66% of analyzed CVEs had minimal real-world applicability, suggesting that organizations often focus on the wrong signals.

The Human Cost of AI Integration

The transition to AI-driven development has shifted, rather than eliminated, the workload for security teams. According to the report, 45% of security professionals spend significant time reviewing and hardening AI-generated code.

Software Supply Chain Security for Open Source Projects – it's time to prepare!

"The industry is operating with a false sense of security," said Shachar Menashe, VP of JFrog Security Research. "The true threat lies in malicious actors taking control of our CI/CD pipelines and developer tools before the code even exists."

Key Findings at a Glance

  • npm Compromise: Malicious npm packages increased by 451% year-over-year, with 177,000 new malicious packages detected.
  • Lack of Coverage: Only 40% of organizations have implemented malicious package detection, and secret detection is active in only 28% of environments.
  • Efficiency: The "Qix" campaign demonstrated the scale of these threats, using only 25 packages to compromise over 2.5 million downloads.

Moving Toward Automated Governance

As AI moves from experimental projects to structural components of the software supply chain, experts emphasize the need for automated, platform-native governance. Yoav Landman, CTO and co-founder of JFrog, noted that the competition is no longer about who discovers a zero-day vulnerability first, as that information becomes public quickly. Instead, the focus must shift to hardening the entire software supply chain at scale to ensure that every asset—whether introduced by a human or an AI agent—is curated and monitored from entry to production.

Key Findings at a Glance

Related Posts

Leave a Comment