Annual report reveals how AI-generated code and MCP integrations are expanding the software supply chain attack surface
PALO ALTO, Calif., Nov. 4, 2025 /PRNewswire/ — Endor Labs, the fastest growing company in application security, today released its annual State of Dependency Management 2025: Security in the AI-Code Era report. Now in its fourth iteration, the report sends a clear message: AI-assisted development isn’t the future; it’s already here, and most enterprises are blindly inheriting a massive new attack surface full of hallucinated, vulnerable, and unvetted code.
The report found that only 1 in 5 dependency versions recommended by AI coding assistants were safe to use, containing neither hallucinations nor vulnerabilities. The rapid adoption of Model Context Protocol (MCP) servers, which connect AI agents to thousands of third-party tools and integrations, further amplifies the risk by centralizing access points where unvetted code can enter enterprise systems. Without proper governance, organizations are inheriting a new, expanding attack surface that threatens even their most critical code and infrastructure.
Endor Labs analyzed more than 10,000 GitHub repositories and tested AI coding agents across major ecosystems, such as PyPI, npm, Maven, and NuGet, to determine which recommended dependencies were real, safe, or vulnerable, while also assessing the security of the servers supporting these AI tools. The analysis revealed several key insights:
- High Vulnerability Rates in AI-Imported Dependencies: Depending on the AI model, 44-49% of dependencies imported by coding agents contained known security vulnerabilities, showing that even existing dependencies can introduce risk if not properly vetted.
- Security Tools Significantly Improve AI Outcomes: When AI agents are equipped with security tools, the proportion of safe dependency recommendations jumps from roughly 20% to 57%, nearly a threefold improvement. While this demonstrates the value of integrating safeguards into AI workflows, gaps remain if organizations rely solely on AI without proper oversight.
- The MCP Ecosystem Lacks Market Maturity, Adds New Risks: In an attempt to keep pace with AI’s speed of innovation, more than 10,000 MCP servers were created in under a year, 40% of which had no license. About 75% were built by individuals without enterprise-grade protections, and 82% interact with sensitive APIs, creating additional vulnerabilities that complicate safe adoption at scale.
“AI coding agents have become an integral part of modern development workflows,” said Henrik Plate, Security Researcher at Endor Labs. “They introduce new types of dependencies — some of which may be hallucinated or insecure. At the same time, thousands of third-party MCP servers are being developed and published by open-source maintainers, waiting to be integrated into projects. Without sufficient verification, however, they could open new paths for exploitation. Effective governance is essential to balance innovation with accountability, enabling AI to accelerate development without letting untrusted code into critical systems.”
Download the full State of Dependency Management 2025 for recommended actions your organization needs to take now.
About Endor Labs
Endor Labs is building the application security platform for the software development revolution. From open source to AI-generated code, it helps teams identify, prioritize, and fix the vulnerabilities that actually matter—faster. With deep program analysis, automated remediation, and unmatched dataset coverage, Endor Labs empowers modern engineering and security teams to move fast without compromise.
Media Contact
Rebecca Reese
View original content: https://www.prnewswire.com/news-releases/endor-labs-launches-2025-state-of-dependency-management-report-finds-80-of-ai-suggested-dependencies-contain-risks-302603438.html
SOURCE Endor Labs
