JFrog’s 2025 State of the Software Supply Chain: AI, CVEs, and a Rising Storm of Silent Threats
- Cyber Jack
- 3 days ago
The DevSecOps reality check: manual governance, inflated vulnerabilities, and an evolving AI threatscape converge in this year’s most sobering security report.
In a world increasingly run on code, the biggest threats may not be the most obvious. That’s the key message in JFrog’s 2025 Software Supply Chain State of the Union report—a comprehensive look at the hidden cracks forming in the digital foundations modern organizations are built on.
The verdict? It’s not just bad actors evolving. It’s the ecosystem itself fracturing under pressure—from AI-driven exploits, ballooning vulnerability databases, and overwhelming complexity.
And the worst part? Developers are burning out trying to fix things that may not even be broken.
“We uncovered a clear pattern by CVE scoring organizations to inflate scores and cause an unnecessary level of panic in the industry,” said Shachar Menashe, Vice President of Security Research at JFrog. “When DevSecOps teams are forced to remediate vulnerabilities that aren’t ultimately harmful, their everyday workflows are disrupted, which can lead to developer burnout and costly mistakes.”
The AI Paradox: Innovate Fast, Secure Slower
If 2023 was the year of AI adoption, 2024 was the year attackers joined the party. JFrog’s data shows a 5x increase in malicious machine learning (ML) models uploaded to Hugging Face alone, alongside the addition of more than a million new public models. It’s a Wild West scenario—vast opportunity and equally vast attack surface.
“Many organizations are enthusiastically embracing public ML models to drive rapid innovation,” said Yoav Landman, CTO and Co-Founder of JFrog. “However, over a third still rely on manual efforts to manage access to secure, approved models, which can lead to potential oversights.”
That reliance on human validation introduces latency, inconsistency, and risk—particularly when AI/ML models are treated like regular packages but harbor unique risks, such as poisoned data or obfuscated behavior that only activates post-deployment.
JFrog’s recommendation? Automate governance from day zero with AI-aware security tools and clearly defined policies—because today’s ML model might be tomorrow’s backdoor.
The “Quad-fecta” of Software Supply Chain Threats
JFrog has labeled four escalating risks as the “quad-fecta” impacting software supply chain security:
- CVEs – Now growing at a faster rate than software packages themselves.
- Malicious Packages – Often indistinguishable from legitimate libraries until it’s too late.
- Secrets Exposure – Over 25,000 exposed tokens found in public registries—a 64% year-over-year spike.
- Misconfigurations and Human Errors – Still one of the most persistent and unpatched threat vectors.
Together, these forces are overwhelming security teams and breaking traditional DevSecOps workflows, especially as organizations stretch to cover sprawling microservices, hybrid environments, and third-party dependencies.
And yet, only 43% of teams scan both code and binaries, a dramatic drop from last year’s 56%, meaning a majority are flying half-blind when it comes to full lifecycle security.
The CVE Confidence Crisis
Among the report’s most controversial findings: a disconnect between high-profile CVE scores and actual risk. JFrog’s researchers found that only 12% of CVEs labeled “critical” by scoring organizations were truly exploitable in the real world.
This is more than academic. In a high-pressure environment, inflated CVE scores trigger alarm bells that send developers scrambling to patch vulnerabilities that pose little or no threat—pulling them away from real security issues and eroding trust in the system.
JFrog is calling for modernization in CVE scoring methods, echoing a broader industry frustration with static, context-free vulnerability ratings that create more noise than signal.
Security Tool Sprawl, Blind Downloads, and the Trust Gap
The report also sheds light on cascading side effects of fragmented security strategies. Developers often download open-source packages directly from public registries without screening for known vulnerabilities. Meanwhile, tool sprawl—deploying too many security tools across the pipeline—leads to poor interoperability, inconsistent enforcement, and alert fatigue.
The end result: trust breaks down. Between teams, between tools, and—perhaps most dangerously—between developers and their own threat intelligence.
A Call to Automate, Integrate, and Get Real About Risk
At its core, JFrog’s State of the Union is a manifesto for recalibration. Less manual governance. More automation. Less focus on chasing every high CVE. More contextual security based on actual usage and exploitability.
“In order for organizations to thrive in today’s AI era,” Landman added, “they should automate their toolchains and governance processes with AI-ready solutions, ensuring they remain both secure and agile while maximizing their innovative potential.”
As the software supply chain stretches further across tools, teams, and platforms, JFrog is warning that piecemeal defenses won’t hold. Securing code in 2025 requires a new mindset—one that’s automated, context-aware, and brutally realistic about what’s noise and what’s a real threat.