Dependency management used to be a private embarrassment: an Ant script, a /lib folder, and classpath roulette. You could ship anyway, and the consequences mostly stayed inside your org.
Now those choices flow into shared, critical infrastructure: the software that moves money, routes ambulances, dispatches trucks, processes prescriptions, and keeps the lights on. That matters because compromise and fragility don’t remain technical events; they become social events. The failure mode isn’t “a bad deploy.” It’s “the system didn’t work when people needed it.”
When software moves at machine speed, the supply chain does too — and every weakness gets amplified.
That’s what this year’s State of the Software Supply Chain® report is really about: trust at machine scale.
You see it in three places:
- The operational reality of the commons
- The security reality
- The integration of AI
And if you think this is “just security,” it’s not. Regulations are basically catching up to reality: transparency is the new trust — and we unpack what that means for teams who actually have to ship software.
The Operational Reality of the Commons
Registries aren’t “websites.” They’re shared utilities that modern delivery pipelines lean on nonstop.
In 2025, we recorded 9.8 trillion downloads across Maven Central, PyPI, npm, and NuGet. That number isn’t just a fun fact; it’s a symptom. A lot of that traffic is repeat pulling: cold caches, ephemeral CI runners, always-clean builds, and build systems doing exactly what we asked… in a way that creates unnecessary load because the system has no memory.
Cloud concentration makes this sharper. On Maven Central, the top three cloud service providers generated more than 108 billion requests. They were 32.5% of IPs, but more than 86% of downloads. That’s not a million developers. That’s automation at an industrial scale.
I’m not saying “slow down.” I’m saying: if you’re operating at machine scale, act like it. Use durable caching. Configure proxies and mirrors correctly. Avoid pipeline patterns that refetch the world every time you rebuild. This is the kind of boring engineering that keeps the commons healthy, produces less carbon, and keeps your builds reliable.
The Security Reality
Attackers go where the leverage is. Open source is leverage.
In 2025, we logged 454,648 new malicious packages, bringing the total since 2019 to over 1.233 million. That’s not a blip. That’s sustained pressure on ecosystems that were designed to be open and easy to participate in.
At the same time, defenders are asked to prioritize risk using public vulnerability data that is often missing or inconsistent. In our analysis, nearly 65% of open source CVEs lacked an NVD-assigned CVSS score. Missing signal isn’t neutral: it creates triage churn, slows down upgrades, and leaves teams guessing about what matters. Attackers don’t have that problem — they only need one gap.
The lesson isn’t “scan harder.” It’s that security can’t be a periodic, manual exercise. It has to be built into how software is produced, continuously, and grounded in intelligence that reflects what’s actually happening across ecosystems.
AI Is Entering the Loop
I’m excited about AI in development — I use it myself. What I won’t do is trust AI to make guesses about the supply chain.
We tested what happens when AI recommends dependency upgrades without being grounded in authoritative sources of truth. Across 36,870 upgrade recommendations, we observed a 27.76% version hallucination rate, or over 10,000 non-existent versions referenced.
At scale, that’s not funny. It’s operational drag: wasted developer time, broken pipelines, and people losing trust in automation. And the scarier version is when AI recommends something that does exist, but shouldn’t be used, because it’s vulnerable, malicious, or simply outside your policy.
AI can help, but only if it’s constrained: grounded in real registry data, fed current vulnerability and malware intelligence, and bound by the rules your organization actually follows. Otherwise, you’ve automated plausible nonsense.
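One way to apply that constraint in a pipeline, as an added example that is not Sonatype's code: a gate that refuses an AI-suggested upgrade unless the version appears in the registry's own version list, is not flagged by a vulnerability/malware feed, and passes local policy. The artifact coordinates, the maven-metadata.xml snapshot and the blocklist below are constructed; a real gate would fetch maven-metadata.xml from the registry and the flags from your intelligence source.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed snapshot of the registry's maven-metadata.xml for one artifact
# (the file Maven Central serves next to the artifact; values are illustrative).
MAVEN_METADATA = {
    "org.example:widget": """<metadata>
  <groupId>org.example</groupId><artifactId>widget</artifactId>
  <versioning>
    <release>2.1.0</release>
    <versions>
      <version>2.0.0</version>
      <version>2.0.1</version>
      <version>2.1.0</version>
      <version>2.2.0-rc1</version>
    </versions>
  </versioning>
</metadata>""",
}

# Constructed intelligence feed: versions flagged as vulnerable or malicious.
BLOCKED = {"org.example:widget": {"2.0.0": "known-vulnerable"}}


@dataclass
class Verdict:
    ok: bool
    reason: str


def published_versions(coordinate: str) -> set:
    """Return the versions the registry actually lists; unknown artifacts have none."""
    xml = MAVEN_METADATA.get(coordinate)
    if xml is None:
        return set()
    root = ET.fromstring(xml)
    return {v.text for v in root.iterfind("./versioning/versions/version")}


def vet_upgrade(coordinate: str, version: str) -> Verdict:
    """Accept an AI-suggested upgrade only if it exists, is not flagged, and is GA."""
    if version not in published_versions(coordinate):
        return Verdict(False, "hallucinated: version not published in registry")
    flag = BLOCKED.get(coordinate, {}).get(version)
    if flag:
        return Verdict(False, f"blocked by intelligence feed: {flag}")
    if "-" in version:  # policy: reject pre-release qualifiers such as -rc1 / -SNAPSHOT
        return Verdict(False, "policy: pre-release versions are not allowed")
    return Verdict(True, "published, not flagged, within policy")
```

The hallucination check comes first because a version the registry has never published can never be vetted by a feed or a policy; the other two checks only apply to something that actually exists.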
Trust At Scale Is the Job Now
We can’t treat the commons like an infinite resource. We can’t treat security like a quarterly cleanup. And we can’t let AI make supply chain decisions based on guesswork.
If you want the data behind these claims and the playbook for addressing them, check out the 2026 State of the Software Supply Chain® report.
Brian Fox, CTO and co-founder of Sonatype, is a Governing Board Member for the Open Source Security Foundation (OpenSSF), a Governing Board Member for the Fintech Open Source Foundation (FINOS), a member of the Monetary Authority of Singapore Cyber and Technology Resilience Experts (CTREX) Panel, a ...