
Volume 335, Issue 4 · IT News · DevOps.com

AI-Fueled Development Pushes Open-Source Risk To Extremes: Report

devops.com, Friday, February 27th, 2026

Artificial intelligence has shortened the timeline for software development from months to days. But according to new research, that acceleration is creating significant security and compliance risks.

Black Duck's 2026 Open Source Security and Risk Analysis (OSSRA), based on audits of 947 commercial codebases spanning 17 industries, shows that vulnerabilities inside enterprise applications have surged over the past year. The average number of open-source vulnerabilities embedded in an application rose a remarkable 107%, reaching 581 per codebase.

Open-source components now appear in 98% of audited applications, effectively making third-party code a foundational layer of modern software. Over the past year, the number of open-source components per application climbed 30%, while file counts expanded 74%. The increase reflects not only developer productivity gains but also a widening level of dependency.
