Audit Finds Application Security Issues Are Worse Than Ever
Barracuda Networks, Monday, March 30th, 2026
Mounting vulnerabilities, outdated code and emerging AI threats in application security
Application vulnerabilities have surged 107% in the past year, driven by mounting security issues and outdated code.
Open-source components now appear in 98% of audited applications, with 86% containing open-source vulnerabilities and 81% classified as high or critical risk.
90% of codebases have open-source components more than four years out-of-date, increasing the likelihood that patches are not applied.
Only 77% of dependencies are identified through package manager scanning, leaving gaps due to manual updates or AI coding assistants.
The average application now includes over 5,300 open-source files, marking a 300% increase since 2020.
Cyberattacks targeting software supply chains are on the rise, using tactics such as social engineering, typosquatting and prompt injection attacks on AI coding tools.
AI coding tools are reducing some vulnerabilities, especially SQL injection, and increasing awareness about open-source security issues.