Cyber threats against software supply chain fueled by AI

SiliconAngle reports that growing artificial intelligence adoption across the software supply chain has prompted significantly more cybersecurity threats, which were mostly Common Vulnerabilities and Exposures, malicious packages, exposed secrets, and misconfigurations.

Hugging Face, a major public machine learning model repository, had over a million newly added models and datasets in 2024, with malicious models recording a 6.5 times increase over the previous year, according to a report from JFrog. Additional findings revealed that publicly exposed secrets or tokens exceeded 25,000 last year, which is 64% higher than in 2023, while code- and binary-level scanning declined year-over-year. Despite open-source security risks, over 70% of developers still downloaded packages directly from public registries. While CVEs increased by 27% year-over-year, only 12% of critical flaws could be exploited, indicating lapses in vulnerability scoring, said the report, which also noted the complexity brought on by the growing use of multiple security tools.
