Open-Source Vulnerabilities Double as AI Coding Grows

The mean number of open-source vulnerabilities per codebase doubled in the past year, according to the annual Black Duck Open Source Software and Risk Analysis (OSSRA) report released Wednesday.

The report, which has been annually analyzing the state of open-source software for a decade, found an average of 581 vulnerabilities per open-source application.

“This year’s findings document a pivotal moment: The explosion of AI-assisted development has fundamentally altered the risk landscape for software and the baseline for compliance with new regulatory initiatives such as the EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA),” the report noted.

The urgency of these findings is underscored by real-world attack data: 65% of the organizations Black Duck surveyed in 2025 reported experiencing a software supply chain attack in the past year. These are active threats impacting enterprises across every industry.

The report places changes in the current open-source software landscape squarely on the doorstep of artificial intelligence. The traditional approach to application security was designed for a world where humans wrote code at human speed, it explained, while today, AI-generated code is using open source at an unprecedented scale. Application security teams are struggling to keep pace with those coding assistants.

Those assistants have become as fundamental to the developer’s toolkit as a compiler or a debugger, according to the report, which also found that 57% of organizations are already using AI-powered coding assistants, while 76% of companies that prohibit their developers from using AI coding assistants acknowledge that they’re being used anyway.

AI Drives Systemic Shift

“The key takeaway from this year’s OSSRA research report is that AI has truly changed the scale and speed at which software risk is introduced,” observed Diana Kelley, CISO of Noma Security, an AI lifecycle security company in Tel Aviv, Israel.

“The fact that vulnerabilities per codebase have more than doubled in a single year signals a systemic shift,” she told LinuxInsider. “AI-assisted development is accelerating code creation, dependency sprawl, and model integration faster than traditional security and governance practices can keep up.”

“For security teams,” she added, “visibility is non-negotiable. Organizations must know exactly what is in their software, including open-source components, transitive dependencies, and embedded AI models.”

While open source now underpins nearly every enterprise application, most organizations still treat it as a passive dependency rather than active code they own, explained Ensar Seker, CISO of SOCRadar, a threat intelligence company in Newark, Del.

“You can’t outsource accountability,” he told LinuxInsider. “If it’s in your stack, it’s your risk. Reducing vulnerabilities starts with visibility and ownership.”

Scaling Problem

Ian Amit, founder and CEO of Gomboc, a New York City provider of automated cloud infrastructure security solutions, pointed out that the report shows mean vulnerabilities per codebase more than doubled, from 280 to 581. At the same time, components per application grew 30%. “That tells us this is not just a vulnerability problem. It is a scale problem,” he told LinuxInsider.

“We have become very good at finding issues,” he continued. “We are not nearly as good at fixing them at scale.”

“Reducing vulnerabilities requires shifting from alert generation to automated, policy-aligned remediation,” he argued. “Security teams need context, exploitability intelligence, and the ability to systematically eliminate classes of risk in code, not just report on them.”

“Without that shift,” he said, “vulnerability counts will continue to compound.”

“It’s remarkable that despite the widespread awareness of AI risks, the number of vulnerabilities per application actually doubled in a single year, suggesting that the speed of AI-generated code is not just outpacing human review, but it’s actively overwhelming traditional DevSecOps controls,” added Ram Varadarajan, CEO of Acalvio, a cyber deception and active defense company in Santa Clara, Calif.

“We can’t expect to meet machine-speed risks with human-speed responses,” he told LinuxInsider. “The future calls for zero-trust landscapes, which in turn calls for real-time, AI-driven cybersecurity: tripwires, deception, game theory.”

“Our old model of cybersecurity, unfortunately, is officially obsolete,” he said.

While 581 vulnerabilities per application sounds dramatic, it largely reflects transitive dependency sprawl that spans multiple layers deep, explained Saumitra Das, vice president of engineering at Qualys, a provider of cloud-based IT, security, and compliance solutions in Foster City, Calif.

“The 107% year-over-year increase reflects compounding complexity, not careless development,” he contended. “It is also reflecting the dominance of vibe coding using libraries from wherever it can, as quickly as it can, increasing the code surface.”

“The bigger issue is visibility,” he said. “Most organizations don’t truly know what’s running in production — and AI is accelerating the opacity. Only 24% comprehensively review AI-generated code, which often introduces components with unclear provenance and licensing risk.”

Codebase Explosion

The Black Duck report also found that the open-source codebase size and dependency growth have exploded, with component counts increasing 30% year-over-year, and the number of files per codebase growing 74%. That has ramifications for application security.

“Vibe coding and AI-assisted development have dramatically accelerated the pace of code generation,” explained Sunil Gottumukkala, CEO of Averlon, an AI-powered cloud security company in Redmond, Wash.

“These models are trained on open-source code, and when you’re building with them, they’ll pull in whatever libraries are needed to enable the functionality you’re asking for,” he told LinuxInsider. “They’re optimized to get you working code, not to audit the dependency tree.”

“That means codebases are growing faster than ever, but the security oversight hasn’t kept pace,” he continued. “Every dependency you bring in is a potential attack surface, and when AI is adding them at an unprecedented pace, the risk compounds quickly.”

Codebase and dependency growth is a classic mo’ money mo’ problems scenario, asserted Black Duck’s Head of Software Supply Chain Risk Strategy Tim Mackey.

“More code means more code to test,” he told LinuxInsider. “More dependencies mean an increase in potential third-party decisions breaking code. Since each piece of code can easily contain a weakness that might be exploitable — whether it was a code flaw or a best practice that became a poor one — the more code sources you have, the harder it is to manage the attack surface for whatever your product is.”

Legal and Licensing Risks

The report also found AI is driving new legal and licensing risks. Two-thirds of audited codebases (68%) contained open-source license conflicts — the largest increase in OSSRA history, it noted. AI-generated code is compounding IP and licensing uncertainty, while only 54% of organizations review AI-generated code for licensing risk, and just 24% conduct comprehensive IP, security, and quality evaluations, it added.

AI-assisted development introduces a new layer of provenance uncertainty, noted Rosario Mastrogiacomo, author of “AI Identities: Governing the Next Generation of Autonomous Actors,” published by Apress.

“Developers may incorporate AI-generated code without full clarity into whether it mirrors open-source components with specific licensing obligations,” he told LinuxInsider. “This creates potential intellectual property exposure and compliance risk, particularly in regulated industries or commercial software distribution.”

To reduce that risk, he recommended treating AI-generated code as third-party code of unknown origin. “That means subjecting it to the same license scanning, security testing, and policy checks as any external dependency,” he said. “Establishing clear governance policies — such as approved AI tools, mandatory review workflows, and documentation of how AI tools are used — also helps mitigate uncertainty.”

“Transparency and traceability are essential,” he continued, “if organizations can demonstrate due diligence in evaluating AI-generated contributions, they significantly reduce downstream legal and compliance exposure.”

Provenance Becomes Key Defense

Mastrogiacomo added that the overarching takeaway from the Black Duck report is that software risk is increasingly a supply chain issue rather than a single-application issue.

“Open-source adoption, dependency growth, and AI-assisted development are all accelerating simultaneously,” he explained. “The organizations that will manage this risk most effectively are those that move from reactive patching to proactive visibility and operational discipline.”

“Continuous inventory, automated controls, and executive-level accountability for software supply chain risk will be essential as development velocity continues to increase,” he added.

One omission from the report is a reflection on risk associated with known bad actors, maintained Gary Schwartz, vice president of marketing at NetRise, a software supply chain security company in Austin, Texas.

“The massive increase in open-source dependencies will inevitably lead to bad actors hiding their attacks in multiple dependencies,” he told LinuxInsider.

To counter that, he advocated that the provenance of open-source dependencies include not only geo-location but also characteristics such as the number and timeliness of contributions and maintainer history.

“That allows us to identify not only bad actors, but also the blast radius of an attack by identifying other dependencies to which they’ve contributed,” he continued.

“Some of the attacks noted in the report — in particular the Lazarus Group activity — can be detected early by understanding the provenance of the contributors to the libraries,” he said. “This is a huge risk vector that can be addressed today.”