Guest IDC Blogger, Katie Norton explains how to balance rapid, AI-driven innovation with software supply chain resilience.

JFrog is a leading provider of DevOps and software distribution solutions, offering tools for artifact management, continuous integration, and binary repositories. Developers can learn about software delivery pipelines, artifact management best practices, and CI/CD automation to accelerate their software delivery process and ensure reliable and secure software releases using JFrog's platform.

JFrog

Modern development teams ship faster than ever using AI coding assistants and modular architectures, but this speed increases reliance on unvetted third-party components. Two 2025 supply chain attacks—the Shai-Hulud npm campaign and React2Shell RCE vulnerabilities—illustrate how attackers exploit the gap between artifact publication and detection. Nearly 72% of organizations report direct impact from open source vulnerabilities in the past year. The recommended approach is automated, policy-driven dependency controls embedded at the point of intake: blocking newly published or non-compliant packages before they enter build pipelines, enforcing licensing and maturity thresholds, and redirecting developers to vetted alternatives. This governance model extends to AI models and agent tooling, which carry the same structural risks as traditional libraries but with far less mature tooling. The goal is making the secure path the path of least resistance without slowing developer velocity. The post is sponsored by JFrog, which promotes its Curation product for this use case.

The Dependency Dilemma: Balancing Innovation Speed with Supply Chain Resilience