State of Dependency Management: AI Coding Agents and Software Supply Chain Risk

AI coding assistants may be transforming development, but at what cost to security? The latest State of Dependency Management from Endor Labs report reveals how AI coding agents and MCP servers are introducing a new layer of software supply chain risk. Key findings include:

49% of dependencies imported by AI agents have known vulnerabilities
34% are hallucinated (ie they don’t exist in any package registry)
Only 1 in 5 dependencies recommended by AI are safe to use

This year’s study analyzed over 10,000 MCP server repos across PyPI, npm, Maven, and NuGet ecosystems, exposing how AI-driven dependency management expands the modern attack surface.

Ver relatório

Download gratuito

Insira suas informações de contato e clique no botão de download. Você receberá um email com o link para download.

By proceeding you agree to receive occasional communication from Endor Labs. Endor Labs needs the contact information you provide to contact you about products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as privacy practices and commitment to protecting your privacy, check out their Privacy Policy.

By clicking the button below, you consent to B2B Media Group GmbH with its affiliated companies and Endor Labs Inc. processing and storing your data for marketing purposes, in particular for marketing-related contact by e-mail and telephone.

You can revoke your consent at any time by sending an e-mail to unsubscribe@b2bmg.com (subject: Endor Labs Inc.). Further information can be found in the Privacy Notice.

Privacy / download conditions:

Date: 1.8.2018

Client

B2B Media Group GmbH, Bahnhofstraße 5, 91245 Simmelsdorf (B2B MG)

Partner

Endor Labs Inc.

Os campos marcados com * são obrigatórios