JFrog report highlights India’s growing software supply chain security challenges amid AI boom

JFrog has released its 2026 Software Supply Chain Security State of the Union report, revealing major security gaps across Indian enterprises despite rapid AI adoption and increasing software automation.

The report highlights that Indian organizations are among the most AI-active globally, but many still lack critical security controls needed to defend against modern software supply chain attacks. As malicious npm packages surged by 451% globally last year, security risks linked to AI-generated code, compromised developer tools, and unverified open-source software continue to rise.

According to the findings:

  • 65% of Indian organizations lack malicious package detection, while 71% do not use container security, leaving enterprise infrastructure vulnerable to supply chain attacks.
  • Indian DevSecOps teams now spend 51% of their time validating and reviewing AI-generated code, reflecting the growing burden of AI governance and software verification.
  • Despite increased AI adoption, trust remains cautious at the engineering level, with 53% of Indian developers treating AI-generated code only as a starting point and reviewing it carefully before implementation.
  • India leads on automated Shadow AI detection at 60%, but that still leaves four in ten organizations with no automated way to catch unsanctioned AI tools in developer environments.

The broader regional picture:

The report positions Asia-Pacific as a global frontrunner in software supply chain security and AI governance, with the region consistently deploying more controls and monitoring AI usage more rigorously than its global peers.

“AI is accelerating how software is built, but it is also expanding the potential attack surface and increasing vulnerabilities,” said Sudhir Narla, General Manager for JFrog India, and VP of Customer Success. “We’re seeing a shift from isolated vulnerabilities to systemic risk across the entire software supply chain. Indian organisations will need to move beyond traditional security approaches and rethink how they establish trust in increasingly AI-powered, automated environments.”

The report also notes that AI model registries such as Hugging Face are rapidly becoming a major part of the software supply chain – 58% of all new software packages in the last year came from Hugging Face, totaling 1.4 million new artifacts. This makes model registries the single largest input to the software supply chain and increases the need for stronger governance, provenance tracking, and automated security controls.

More insights and detailed regional findings are available in the full JFrog 2026 Software Supply Chain Security State of the Union Report.
