Open Source Vulnerabilities Double as AI Accelerates Code Creation
Event summary
- Black Duck's 2026 OSSRA report shows open source vulnerabilities per codebase jumped 107% year-over-year.
- Open source components increased 30% YoY, with 98% of codebases containing open source.
- Two-thirds of audited codebases contain license conflicts, the highest rate in OSSRA history.
- Only 24% of organizations perform comprehensive evaluations of AI-generated code for IP, license, security, and quality.
- AI model adoption has created a new, unregulated attack surface.
The big picture
The rapid acceleration of AI-assisted development is outpacing organizations' ability to secure their software supply chains. The doubling of open source vulnerabilities and the introduction of new, unregulated attack surfaces from AI models highlight a critical governance gap. As software becomes more interconnected and AI-driven, the need for comprehensive visibility and risk management has never been greater.
What we're watching
- Regulatory compliance: whether organizations can comply with upcoming regulations like the EU Cyber Resilience Act without modernizing their supply chain governance.
- AI governance: the pace at which companies develop clear AI usage and retraining policies to mitigate new forms of risk.
- Security posture: how the expanding attack surface from AI-generated code and open source components will impact enterprise security strategies.