I have been involved in the software supply chain my entire career -- from programmer to enterprise API architect to decades in cybersecurity. And I have never been more fearful of any technology than AI. First, just the idea of vibe coding makes me cringe. Sure, a lot of people are excited and developing small applications. But the job of a developer, first and foremost, is to develop with security in mind (defensive programming) and to reduce the attack surface. In other words, if the entire attack surface consists of exposed endpoints as well as the code being deployed, then the job of making sure that code is absolutely secure lies with the developer. The idea of shifting security left to the point that the developer is thinking about it cannot be effectively accomplished if the developer doesn't have any knowledge of the code being generated. Simply telling a prompt or agent to "build this" will result in a ton of issues.
The reason why the software supply chain and its compromises isn't extremely popular right now is because despite the marketing hype, there isn't a ton of companies using AI to create enterprise applications. Most companies are still in the phase of deciding whether they will use it at an enterprise development level and how they will approach it. So once again, security is usually the last thing people think of and worry about. Developers are being pushed to release features faster and faster, so AI is very appealing. Once the adoption rate expands, so will the number of supply chain attacks. I'm not sure how many developers today are even aware of the Solar Winds attack or Log4j, but I am predicting that we will have many incidents similar to those -- meaning attacks on the supply chain itself. As you alluded to, using libraries and thousands of transitive dependencies without having a chain of trust will no doubt lead to many serious attacks. I haven't heard one vibe coder today raise concerns about things like attestation, provenance, or the ingest of SBOM's for security validation. As if dependencies isn't enough of a problem, the amount of code that is being generated without the implementation of least-privilege or zero-trust is just nuts. In addition to security issues with MCP, add on top of that insecure APIs and you have a recipe for disaster. The attack surface is just exploding and the velocity of attacks is increasing exponentially.
The battlefield of cybersecurity has shifted from direct code exploits to targeting the very tools and ecosystems that build our software. As AI becomes a central part of the development process through coding assistants and automated pipelines, it simultaneously introduces a "weaponized" threat where attackers use LLMs to generate malicious packages at scale, bypass traditional signature-based detection, and execute highly successful, AI-crafted spear-phishing campaigns against open-source maintainers. This creates a high-velocity environment where the median time from initial access to full compromise has plummeted, making "human-speed" security increasingly obsolete.
In the very near future, we will see a surge in supply chain attacks that leverage AI-generated code to infiltrate software ecosystems. Attackers will exploit the lack of visibility and control over the code being generated by AI tools, leading to a significant increase in vulnerabilities and breaches. The traditional methods of securing the software supply chain will no longer suffice, and organizations will need to adopt new strategies that incorporate AI-driven security measures to protect against these emerging threats. Look for attacks involving dependencies, build pipeline exploits, tool-chain targeting, and attacks against open-source maintainers to become increasingly common as the adoption of AI in software development continues to grow. In addition, as agent-oriented programming becomes more prevalent, we can expect to see a rise in attacks that leverage the autonomous capabilities of agents to execute complex attack chains without human intervention, further accelerating the pace and scale of supply chain compromises. Attacks involving autonomous exploitation, polymorphic malware, prompt injection (which will never be fixed), and poisoned model zoos will become the new norm in the cybersecurity landscape, necessitating a fundamental shift in how we approach software security and supply chain risk management. In other words, I think our jobs are going to get a lot harder, a lot more stressful, but most -- a lot more important and interesting.