Artificial intelligence is rapidly transforming how developers build software, but security controls are struggling to keep pace.
According to Willem Delbare, co-founder and CEO of Aikido Security, AI-assisted development is fundamentally changing the software supply chain threat model by increasing automation around code generation, dependency selection, and tool installation.
“As of 2025, 84% of developers have reported they are using or plan to use AI tools in their development process,” Delbare said in a message to eSecurityPlanet.
He added, “AI coding agents are increasingly pulling packages, invoking tools, and adding skills autonomously, with little to no human oversight over what gets installed.”
According to Delbare, this growing reliance on AI tooling is expanding the attack surface on developer machines that often store cloud credentials, SSH keys, source code access, Kubernetes configurations, and package publishing tokens.
As developers integrate AI agents, IDE plugins, browser extensions, and AI coding assistants into their workflows, traditional endpoint security tools are struggling to maintain visibility into what is being installed and executed.
Key Takeaways of Software Supply Chain Risk
- AI-assisted development is expanding software supply chain attack surfaces across developer environments.
- Traditional EDR and MDM tools often lack visibility into AI tools, browser extensions, and package managers.
- Malicious open-source packages continue rising rapidly as attackers automate supply chain attacks with AI.
- Compromised developer workstations can give attackers trusted access to repositories, pipelines, and credentials.
- Organizations need real-time visibility and install-time controls around developer tooling and AI integrations.
Software Supply Chain Risks vs. Recommended Controls
| Software Supply Chain Risk | Recommended Security Control |
|---|---|
| AI-generated code and package installs | Implement real-time install monitoring and approval workflows. |
| Malicious open-source packages | Enforce minimum package age and trusted package policies. |
| Unapproved AI tools and browser extensions | Maintain centralized visibility into developer tooling. |
| Compromised developer credentials | Use least privilege access and strong credential protection. |
| Hidden third-party integrations | Continuously monitor extensions, dependencies, and external services. |
| Developer workarounds around security controls | Reduce friction with automated background security enforcement. |
| Delayed threat detection | Deploy controls that operate at the point of install. |
Developer Workstations Are Becoming High-Value Targets
Delbare said developer workstations are increasingly viewed as one of the weakest links in the software supply chain because many existing security controls were not designed for modern development environments.
Traditional EDR and MDM tools focus on the operating system layer, while much of today’s developer activity occurs through package managers, browser extensions, and AI tools outside normal security visibility.
“The security tools most companies rely on weren’t built for modern development workflows,” Delbare explained. “Developers are constantly installing code packages, IDE extensions, browser extensions, AI tools, and MCP servers directly into their environments.”
According to Delbare, many organizations fall into one of three problematic security models: blocking everything, allowing everything without governance, or manually reviewing installation requests one by one.
He noted that overly restrictive controls often drive developers to create workarounds, while permissive environments leave organizations exposed to malicious packages and credential theft.
Aikido’s research shows compromised packages remain one of the most common attack vectors targeting developer systems today.
Delbare said Aikido Intel currently identifies up to 100,000 malicious packages daily across open-source registries, a significant increase from roughly 20,000 per day just one year earlier.
AI Is Accelerating Supply Chain Attacks
Delbare also warned that AI is lowering the barrier to entry for software supply chain attacks.
Historically, attackers needed technical expertise to understand package registries, CI/CD pipelines, obfuscation methods, and payload development.
Today, he said, many of those capabilities are becoming easier to automate using commercially available large language models (LLMs).
“A year ago, writing a supply chain attack required real skill,” Delbare said. “Now, all someone needs is a cheap LLM subscription.”
He added that compromised developer environments can effectively provide attackers with the same level of access as trusted engineers.
Once attackers access developer credentials or repositories, they can insert malicious code or compromise build pipelines that distribute trusted software updates.
Visibility Gaps Continue Expanding
Delbare believes many organizations continue defining software supply chain risk too narrowly by focusing primarily on npm packages and container images while overlooking browser extensions, AI coding tools, and transitive dependencies operating within trusted environments.
He pointed to the recent Vercel incident as an example of how third-party trust relationships can introduce significant downstream exposure without directly compromising the organization itself.
According to Delbare, organizations need broader visibility into the full developer environment, including AI tools, extensions, external integrations, and dependency ecosystems interacting with source code and internal systems.
He also emphasized that security teams need real-time visibility into which AI tools developers are actively using in order to enforce governance and security policies effectively.
How Organizations Can Reduce Developer Supply Chain Risk
Delbare recommends organizations implement stronger controls around developer workstations without unnecessarily slowing development workflows.
Suggested best practices include enforcing minimum package age requirements, restricting unnecessary package ecosystems, using centralized approval workflows, and implementing real-time monitoring around AI tooling and third-party integrations.
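The minimum-package-age control recommended above (and listed in the risk table) is simple to express as an install-time policy: refuse any dependency version that has been on the registry for less than N days, since most malicious versions are pulled within hours or days of publication. The script below is an added illustration, not Aikido's or any registry's own code. It reads metadata in the shape of the npm registry's package document (the `time` map keyed by version), but the package name, versions, timestamps and the resolved dependency set are all constructed here so the check runs offline; the fixed `NOW` value is likewise an assumption for reproducibility.

```python
"""Minimum-package-age check over npm-registry-style metadata (added example).

Everything below is constructed for illustration: the package document mirrors
the shape of an npm registry response, but its name, versions and timestamps
are invented, and NOW is pinned so the results are reproducible.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of an npm registry package document.
# Only the fields this check uses are included.
SAMPLE_REGISTRY_DOC = {
    "name": "example-left-pad",            # hypothetical package name
    "dist-tags": {"latest": "2.0.1"},
    "time": {
        "created": "2023-01-10T12:00:00.000Z",
        "modified": "2025-06-01T09:00:00.000Z",
        "1.0.0": "2023-01-10T12:00:00.000Z",
        "1.1.0": "2024-03-15T08:30:00.000Z",
        "2.0.0": "2025-05-20T10:00:00.000Z",
        "2.0.1": "2025-06-01T09:00:00.000Z",  # pushed six hours before the check
    },
}

# Pinned "current time" (assumption) so the example is deterministic.
NOW = datetime(2025, 6, 1, 15, 0, tzinfo=timezone.utc)

# Keys in the npm "time" map that are not version numbers.
NON_VERSION_KEYS = ("created", "modified")


def _parse_ts(ts):
    """Parse an ISO-8601 registry timestamp (trailing 'Z') into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def version_age(doc, version, now=NOW):
    """Age of a published version as a timedelta, or None if the version is unknown."""
    ts = doc.get("time", {}).get(version)
    if ts is None or version in NON_VERSION_KEYS:
        return None
    return now - _parse_ts(ts)


def is_old_enough(doc, version, min_age_days, now=NOW):
    """True only if the version has sat on the registry for at least min_age_days.

    Unknown versions fail closed: a version with no publish timestamp is rejected.
    """
    age = version_age(doc, version, now)
    return age is not None and age >= timedelta(days=min_age_days)


def newest_allowed_version(doc, min_age_days, now=NOW):
    """Most recently *published* version that satisfies the age policy, or None.

    Ordering uses publish timestamps rather than semver, so a freshly pushed
    version cannot qualify merely by carrying a lower version number.
    """
    cutoff = now - timedelta(days=min_age_days)
    candidates = [
        (_parse_ts(ts), v)
        for v, ts in doc.get("time", {}).items()
        if v not in NON_VERSION_KEYS and _parse_ts(ts) <= cutoff
    ]
    if not candidates:
        return None
    return max(candidates)[1]


def check_resolved(resolved, registry, min_age_days, now=NOW):
    """Apply the policy to a resolved dependency set.

    resolved: {package_name: version} as a lockfile would pin it.
    registry: {package_name: registry document} fetched ahead of time.
    Returns a list of (name, version, reason) violations; empty means install may proceed.
    """
    violations = []
    for name, version in resolved.items():
        doc = registry.get(name)
        if doc is None:
            violations.append((name, version, "no registry metadata available"))
            continue
        if not is_old_enough(doc, version, min_age_days, now):
            age = version_age(doc, version, now)
            if age is None:
                reason = "version has no publish timestamp"
            else:
                reason = f"published {age} ago, below the {min_age_days}-day minimum"
            violations.append((name, version, reason))
    return violations


if __name__ == "__main__":
    # Constructed resolved set: the lockfile pins the just-published 2.0.1.
    resolved = {"example-left-pad": "2.0.1"}
    registry = {"example-left-pad": SAMPLE_REGISTRY_DOC}
    for name, version, reason in check_resolved(resolved, registry, min_age_days=7):
        print(f"BLOCKED {name}@{version}: {reason}")
        print(f"  newest version passing policy: {newest_allowed_version(registry[name], 7)}")
```

In a real pipeline the registry documents would be fetched (or served from an internal proxy) before `npm install`, `pip install` or the equivalent runs, and a non-empty violation list would fail the install or route it to an approval workflow. Failing closed on unknown versions matters: an attacker who can make metadata lookup fail should not thereby bypass the age check.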
He also believes future software supply chain defense strategies will increasingly rely on controls operating at the point of install rather than relying solely on delayed threat intelligence feeds.
“You need controls that work at the point of install, in real time, before the window closes,” Delbare said.
