惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
Apple Machine Learning Research
Apple Machine Learning Research
L
LINUX DO - 最新话题
T
The Blog of Author Tim Ferriss
P
Proofpoint News Feed
宝玉的分享
宝玉的分享
小众软件
小众软件
Hugging Face - Blog
Hugging Face - Blog
GbyAI
GbyAI
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Visual Studio Blog
爱范儿
爱范儿
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园_首页
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
月光博客
月光博客
博客园 - 叶小钗
D
Docker
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
Tailwind CSS Blog
D
DataBreaches.Net
酷 壳 – CoolShell
酷 壳 – CoolShell
B
Blog RSS Feed
量子位
美团技术团队
Vercel News
Vercel News
Y
Y Combinator Blog
IT之家
IT之家
Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
SegmentFault 最新的问题
腾讯CDC
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
罗磊的独立博客
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
N
Netflix TechBlog - Medium
S
Schneier on Security
博客园 - 聂微东
U
Unit 42
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
Latest news
Latest news

2024 Sonatype Blog

Request for Comments: CARE and Maven Central Q2 2026 Open Source Malware Index AI Is Forcing a New Open Source Security Model Vulnerability Prioritization Is Missing the AI-Era Point The Hidden National Security Threat Inside AI-Driven Software Miasma Returns: Leo Platform Compromise in npm The Rise of Collective Defense for Open Source Signal Over Noise: Reachability Analysis Is the Reality Check SCA Has Been Missing Software Security Has to Start at Assembly easy-day-js Targets Mastra, Dependency Attacks Grow Open Publishing, Commercial Scale Software Dependency Cooldowns Are a Symptom, Not a Strategy Atomic Arch npm Campaign Adds Malicious Dependency From SBOMs to AI BOMs: Why SPDX 3.0 Matters Mythos Found 10,000 Vulnerabilities. The Bigger Challenge Is Fixing Them New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages Lazarus Group's Latest: Brandjacking Campaign on npm 5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook The AI Race Is Becoming a Remediation Race Red Hat Cloud Services npm Packages Hijacked Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies AI Is Making Software Autonomous, and Governance Must Follow Your Outdated Repository Still Works, But It May Not Be Safe Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT AppSec Tools Explained: SAST vs SCA vs DAST | Sonatype Managing Open Source Software Risks With the HeroDevs EOL Dashboard Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target Building Trusted AI Development With Kiro and Sonatype Guide How to Build a Software Supply Chain Security Playbook The Evolution of Open Source Malware: From Volume to Trust Abuse The Mythos AI Vulnerability Storm: What to Do Next Malicious PyTorch Lightning Packages Found on PyPI Why Developer Experience Is the Foundation of DevSecOps Success Open is Not Costless: Reclaiming Sustainable Infrastructure Q1 Updates in Nexus Repository: More Formats, Stronger Operations, and a Better Day-to-Day Experience Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths The Time Is Now to Prepare for CRA Enforcement Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition Mythos and the AI Vulnerability Storm: Exploring the Control Point Why Software Supply Chain Security Requires a New Playbook Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust Modernizing Nexus Repository: Moving Beyond OrientDB AI, DevSecOps, and the Future of Application Security: The Gartner® Report How Sonatype's Container Scanning Protects You From Zero-Days Axios Compromise on npm Introduces Hidden Malicious Package Is Your Repository Ready for What's Next? Autonomous Development and AI: Speed vs. Security Grounded Intelligence Ensures Safe AI Software Development Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds Sonatype Discovers Two Malicious npm Packages
When AI Writes Code, Who Governs the Dependencies?
2026-04-16 · via 2024 Sonatype Blog

The Department of War's Call for Solutions on AI-enabled coding capabilities (CDAO_26-01) arrives at exactly the right moment. Today's AI coding assistants have moved beyond experiments in productivity to becoming the basis for how modern software is built. The DoW is right to close the gap with the commercial sector, and the Call for Solution's emphasis on security, data handling, and IL5 compliance reflects a clear-eyed understanding of what defense-grade deployment requires.

There is, however, a structural risk embedded in the initiative that no IDE plugin or CLI agent can resolve on its own. This isn't a limitation of any specific vendor, but rather an inherent characteristic of how AI coding tools operate. It's also one that grows more significant as adoption scales.

The Dependency Problem at Machine Speed

Every AI coding assistant, regardless of the model behind it, recommends open-source dependencies. Those recommendations are grounded in training data, a static snapshot of the ecosystem as it existed when the model was trained. They're not grounded in the live state of public registries, where the threat landscape changes daily.

Sonatype's 2026 State of the Software Supply Chain research puts measurable shape to this gap. Across 36,780 dependency upgrade suggestions generated by leading AI coding tools, 27.8% pointed to versions that were non-existent, deprecated, or unsafe. Nearly one in three recommendations was wrong. Not in a way a compiler would catch, but that could introduce a build failure, a known vulnerability, or a dependency that has been deliberately substituted by a malicious actor.

This isn't a model quality problem that future training runs will eliminate. Public registries publish thousands of new components every day, including malicious ones. Sonatype's research team has documented more than 3,300 new malicious packages appearing in ecosystems like npm and PyPI every 60 days. When an AI agent recommends a dependency, it has no mechanism to distinguish a legitimate package from a typosquat published last week.

What IL5 Authorization Actually Requires

The Call for Solutions establishes Impact Level 5 authorization as a non-negotiable baseline. What this means operationally is that every component entering the enclave must be defensible to an ATO reviewer, a program manager, or an oversight body. The intake control function is not a nice-to-have; it is an architectural requirement.

The challenge is that the security tooling most organizations rely on for this has a well-documented limitation. In 2025, 64% of open-source CVEs were published without CVSS scores by the National Vulnerability Database. Policies structured around blocking NVD High/Critical findings are, by definition, working from an incomplete signal. In a commercial context, that is a risk management trade-off. In an IL5 environment, it's an audit exposure.

The ML pipeline risk compounds this. The DoW's developer population includes data scientists and ML engineers who work heavily in Python ecosystems, including PyPI, Conda, and increasingly Hugging Face. Malicious actors have documented targeting these pipelines directly: trojanized model files, poisoned training datasets, and typosquatted utility packages. Traditional application security tooling was not designed to cover this surface.

The Layer That Has to Be There

What AI coding tools lack, and what must exist in any credible IL5 deployment architecture, is a policy enforcement layer that operates independently of the AI tool itself. One that evaluates components against live registry intelligence before they enter the pipeline, enforces security and license policy automatically at every build stage, and produces the continuous audit evidence that modern authorization frameworks demand.

Sonatype Firewall performs real-time behavioral analysis of every new component published to a public registry, quarantining known malicious packages and flagging suspicious ones before any developer or AI agent can reference them. To date, it has prevented nearly 3 million malicious downloads. This intake control function extends beyond traditional package ecosystems to Docker container images and Kubernetes deployments, the containerized workflows central to Platform One and Iron Bank.

Sonatype Lifecycle enforces policy-as-code across the full development lifecycle, from IDE to CI gate. Its Reachability Analysis distinguishes vulnerabilities in the execution path from those in unreachable code, allowing teams to prioritize what is genuinely exploitable rather than working through every CVE in a dependency tree. When remediation is needed, it generates automated dependency upgrades that guarantee zero breaking changes across direct and transitive dependencies, reducing mean time to remediate from weeks to hours.

And because continuous authorization requires continuous evidence, Sonatype SBOM Manager maintains a living SBOMs updated in real time, exportable in CycloneDX and SPDX, and extended to track AI model provenance for the AI attribution and traceability capability the Call identifies as a desired outcome. When a new vulnerability is disclosed, impact analysis runs immediately across the entire portfolio. No manual triage. No scramble.

A Note on Disconnected Environments

The Call lists air-gapped deployment as a desired attribute — one that few vendors can demonstrate in production. Sonatype delivers this today through Sonatype Air-Gapped Environment (SAGE), which operates Sonatype Nexus Repository, Sonatype Lifecycle, Sonatype Firewall, and Sonatype Intelligence entirely within the air gap, with no external connectivity. Offline SBOM generation, automated policy enforcement, and pre-vetted component curation behind the wire. Sonatype Nexus Repository is already deployed across numerous defense and intelligence community environments at IL5 and above, providing a strong foundation for authorization reciprocity and rapid deployment.

What This Means for Program Architects

The leading AI coding tool providers will submit compelling proposals to CDAO_26-01. Many will offer impressive model architectures, broad language support, and developer experiences that genuinely accelerate delivery.

But security and compliance posture — also a criterion — requires more than what the AI tool itself can provide. The questions a well-prepared program architect should be asking are: What governs the open-source decisions the AI agent makes? What prevents a malicious dependency from entering the IL5 enclave? What generates the continuous evidence package that the ATO process requires?

Sonatype is not a competing IDE or CLI agent. It's the supply chain governance layer that makes any selected AI coding tool trustworthy in a defense environment. The two are complementary by design. The goal is faster, higher-quality software delivery, which is only achievable when velocity is paired with the controls that make the velocity defensible.

To learn more about how our solutions can help you manage AI development with confidence, speak to one of our experts.

Tags