
Application security trends: Shift-left security, AI, and open source malware

Software is at the heart of business operations across most industries, which means application security has never been more critical. However, as organizations embrace cloud-native architectures, microservices, and open source components, the attack surface continues to expand. The result: an ever-growing number of vulnerable and malicious dependencies that adversaries are eager to exploit.

In 2025, security teams will contend with an evolving threat landscape driven by increasingly sophisticated cyberattacks, AI-powered exploits, and software supply chain compromises. This article explores the key trends shaping application security, from the growing role of AI in threat detection to the increasing adoption of software bills of materials (SBOMs).

The State of Application Security

Developers and security professionals face application security challenges of unprecedented complexity in 2025. According to Sonatype’s 2024 State of the Software Supply Chain report, open source downloads reached 6.6 trillion last year, with up to 90% of modern applications now built on open source components.

Open source software provides the foundation for innovative applications, but the growth in open source dependencies comes with a cost. The number of malicious open source packages skyrocketed by 156% year-over-year, with over 512,847 malicious packages discovered in the year to November 2024. That number will grow significantly in 2025.

Attackers increasingly target software supply chains through dependency confusion, typosquatting, and open source repository takeovers. The 2024 Open Source Malware Report found that 50% of unprotected repositories already contain cached open source malware, and shadow downloads that bypass security controls have increased by 32.8% over the past year.
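A defender-side check for the two manifest-level signals named above, typosquatting and dependency confusion, as an added example that is not code from the Sonatype post: it audits a constructed pip requirements file against a constructed allowlist, a constructed `acme-` internal-package prefix and a placeholder private index URL (all assumptions, standing in for an organisation's real approved list and index).

```python
import difflib
import re

# Constructed allowlist of well-known names (assumption: in practice use your
# organisation's approved-package list or a registry feed).
KNOWN_PACKAGES = {"requests", "urllib3", "numpy", "cryptography", "pyyaml", "boto3"}

# Constructed internal prefix (assumption): packages with this prefix exist
# only on the private index, so resolving them through any other index is a
# dependency-confusion exposure.
INTERNAL_PREFIX = "acme-"

# Package name optionally followed by a version specifier (==, >=, ~=, ...).
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:[=<>!~]=?\s*\S+)?$")


def normalize(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_manifest(text: str) -> list[tuple[str, str]]:
    """Scan a requirements-style manifest and return (package, finding) pairs."""
    findings = []
    known = {normalize(k) for k in KNOWN_PACKAGES}
    # pip resolves from PyPI unless --index-url replaces it; --extra-index-url
    # adds a second index and pip takes the highest version across all of them.
    exposed = True
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith(("-i ", "--index-url")):
            exposed = False
            continue
        if line.startswith("--extra-index-url"):
            exposed = True
            continue
        m = REQ_RE.match(line)
        if not m:
            continue
        name = normalize(m.group(1))
        if name.startswith(INTERNAL_PREFIX):
            if exposed:
                findings.append((name, "dependency confusion: internal name resolvable via a public or extra index"))
            continue
        if name not in known:
            close = difflib.get_close_matches(name, known, n=1, cutoff=0.85)
            if close:
                findings.append((name, f"possible typosquat of {close[0]}"))
    return findings


# Constructed sample manifest exercising both signals.
SAMPLE = """# constructed example manifest
--index-url https://pypi.example.internal/simple   # placeholder private index
--extra-index-url https://pypi.org/simple
requests==2.31.0
requets==2.31.0
urlib3
acme-billing==1.4.0
numpy>=1.26
"""
```

Running `audit_manifest(SAMPLE)` flags `requets`, `urlib3` and `acme-billing`; the same internal package with only the private `--index-url` configured produces no finding.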

Beyond targeted attacks, the persistence of outdated dependencies remains a critical issue: 80% of application dependencies have remained unpatched for over a year despite safer versions being available. Meanwhile, three years after the infamous Log4Shell exploit, 13% of Log4j downloads are still vulnerable.

Accelerating DevSecOps: Cultural

*** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Aaron Linskens. Read the original post at: https://www.sonatype.com/blog/application-security-trends-shift-left-security-ai-and-open-source-malware