Endor Labs
127c6509-728b-4782-8f49-4db990cf3bea

State of Dependency Management: AI Coding Agents and Software Supply Chain Risk

AI coding assistants may be transforming development, but at what cost to security? The latest State of Dependency Management from Endor Labs report reveals how AI coding agents and MCP servers are introducing a new layer of software supply chain risk. Key findings include:

  • 49% of dependencies imported by AI agents have known vulnerabilities
  • 34% are hallucinated (ie they don’t exist in any package registry)
  • Only 1 in 5 dependencies recommended by AI are safe to use

This year’s study analyzed over 10,000 MCP server repos across PyPI, npm, Maven, and NuGet ecosystems, exposing how AI-driven dependency management expands the modern attack surface.

View report

By proceeding you agree to receive occasional communication from Endor Labs. Endor Labs needs the contact information you provide to contact you about products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as privacy practices and commitment to protecting your privacy, check out their Privacy Policy. 

I consent to the ascertainment, conversion, utilisation and dissemination of the data I have entered into this registration form. The B2B Media Group GmbH and originator/sponsor of the document may use my contact data for the purpose of B2B marketing (via e-mail, phone, display and postal) until such time as I withdraw my consent. 

My agreement to the company and our partner can be revoked at any time via Unsubscribe Link below: Unsubscribe