Report

Securing the Software Supply Chain in the Age of AI

Most of your software risk comes from code you didn’t write. Third-party libraries, open source dependencies, AI-generated code: the inputs keep growing, and so do the attack surfaces they create. Supply chain attacks are getting more sophisticated, and the tools most teams rely on are falling behind. This software supply chain security report, based on new independent research from Omdia and a survey of 400 IT, cybersecurity, and application professionals across North America, shows where organizations are responding, and where the biggest gaps remain.

What the research shows

  • 77% of organizations experienced a software supply chain incident in the past 12 months
  • 40% rank AI technology as the #1 risk to their software supply chain, ahead of third-party code (39%) and software dependencies (38%)
  • 57% expect more than half their code to come from third-party sources within 12 months
  • Only 1 out of 12 security tool categories was rated “very effective” by a majority of organizations

What's inside

This 24-page software supply chain security report provides data-driven guidance for tech leaders navigating third-party code risk, AI-generated code governance, and tool effectiveness. Key sections include:

  • The risk landscape: How AI, third-party code growth, and evolving attack vectors are reshaping supply chain security
  • Incident reality: What types of attacks organizations are experiencing and the business impact
  • Tool effectiveness benchmarks: Which security tool categories deliver confidence and which fall short
  • SBOM adoption and impact: How organizations generating SBOMs report measurably better security outcomes
  • The developer shift: Why 98% of organizations prioritize developer security enablement and what’s blocking adoption
  • Investment priorities: Where organizations are directing new security budgets and the outcomes they expect