{"id":965467,"date":"2026-05-20T16:55:33","date_gmt":"2026-05-20T20:55:33","guid":{"rendered":"https:\/\/www.marketnewsdesk.com\/index.php\/new-jfrog-report-warns-ai-governance-fails-as-software-supply-chain-attacks-hit-record-highs\/"},"modified":"2026-05-20T16:55:33","modified_gmt":"2026-05-20T20:55:33","slug":"new-jfrog-report-warns-ai-governance-fails-as-software-supply-chain-attacks-hit-record-highs","status":"publish","type":"post","link":"https:\/\/www.marketnewsdesk.com\/index.php\/new-jfrog-report-warns-ai-governance-fails-as-software-supply-chain-attacks-hit-record-highs\/","title":{"rendered":"New JFrog Report Warns: AI Governance Fails as Software Supply Chain Attacks Hit Record Highs"},"content":{"rendered":"

<\/p>\n

New JFrog Report Warns: AI Governance Fails as Software Supply Chain Attacks Hit Record Highs<\/i><\/b><\/p>\n

The Hidden Costs of AI at Scale: JFrog\u2019s 2026 Software Supply Chain Security report shows threat actors weaponizing developer workflows, driving 177K new malicious packages, 495 malicious AI models, and a 451% increase in infected npm packages<\/i><\/p>\n

SUNNYVALE, Calif.–(BUSINESS WIRE<\/a>)–JFrog Ltd<\/a>. (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform<\/a>, the system of record for trusted software artifacts, binaries, and AI assets today announced the findings of its 2026 Software Supply Chain Security State of the Union <\/b><\/a>report. This year\u2019s report reveals an unprecedented acceleration in enterprise software risk as threat actors expand strikes beyond traditional package registries into AI model registries and developer tooling, creating a blind spot in current software governance frameworks.<\/p>\n

This press release features multimedia. View the full release here: https:\/\/www.businesswire.com\/news\/home\/20260520126325\/en\/<\/a><\/p>\n

\"The<\/p>\n

The AI governance gap is real – and it’s coming at a high cost to enterprise organizations. The JFrog 2026 Software Supply Chain Security report shows a 451% surge in malicious npm packages, AI agent skills are a new attack surface; and 97% of orgs claim AI governance while 53% still pull models from public registries where malicious payloads have been found. Read the report to learn earn how to move from reactive patching to a governance-first framework that actually keeps pace with Al speed.<\/p>\n<\/div>\n

\n“Every enterprise is adding AI to their software supply chain, which is increasing the attack surface for bad actors. Our report shows attackers are no longer just breaching traditional defenses \u2013 they are actively weaponizing the trusted models, registries, and agentic tools driving today’s AI-powered development. The era of ‘scan and hope’ is over,\u201d said Shlomi Ben Haim, CEO & Co-Founder, JFrog. \u201cOrganizations need a single source of truth that governs every binary, every model, and every AI agent skill from the moment it enters the pipeline to the moment it is deployed in production. This is what JFrog was built to deliver.\u201d<\/p>\n

\nAs AI moves from experimentation to a structural force reshaping the software supply chain, organizations are seeing a widening gap between reported security confidence and the risks accumulating in their infrastructure. Drawing on data from 18.2 billion artifacts managed across the JFrog Platform (up 136% year\u2011over\u2011year), original vulnerability research by the JFrog Security Research<\/a> team, and a global survey of 1,508 security and DevOps professionals 1<\/sup>, this report exposes what it calls the \u201cillusion of mastery\u201d, i.e. the growing disparity between perceived security and the reality of mounting supply chain risk.<\/p>\n

Key Findings Include:<\/b><\/p>\n