When talking about DevOps and software delivery pipelines, security, compliance, and governance should all be native to the development workflow. Yet traditional approaches to software supply chain security often feel bolted-on. Proprietary black boxes are hard to integrate - and harder still to understand or extend. Instead of adapting to your workflows, you’re expected to adapt to theirs, with little room for customisation or clarity about what they’re actually doing under the hood.

That’s where Cloudsmith’s Enterprise Policy Management (

) differs from other legacy approaches. This is a powerful, flexible, and developer-friendly way to implement policy-as-code using the Open Policy Agent (

) and its associated Rego, natively within your artifact management pipeline.

Legacy artifact management systems typically offer pre-baked security gates that require manual reviews, or offer minimal configurability. While these should solve some business outcomes, they often don’t scope well to your specific business logic. Cloudsmith gives teams full access to define policies using Rego, a standard open-source policy language used in many enterprise solutions.

This familiar policy language is ideal for teams who are automating supply chain security controls. Cloudsmith’s EPM enables fine-grained, conditional control over package handling during security scanning. Additionally, Cloudsmith’s policy implementation integrates with automation tools via Cloudsmith's robust REST API. With EPM, you can go beyond one-size-fits-all policies and encode the exact rules that matter to your organization, whether it's license restrictions, CVSS thresholds, naming conventions, or internal workflows.

Cloudsmith policies are evaluated during package synchronization, after a security scan completes. This gives teams a reliable hook to enforce quality, security, and compliance gates before artifacts move deeper into production pipelines. Here’s what makes it practical:

: 
All policies are written in Rego and must follow a specific schema. As long as Cloudsmith supports the specific built-in functions required in the policy, it should be valid. Rego is incredibly flexible. 

As seen in the example below, you can use RegEx within OPA Rego to match specific package filenames that contain a semantic versioning for the file name, or use RegEx to scope the unique business context that matters to you.

This Rego policy is designed to enforce a naming convention for packages in a Cloudsmith repository. Specifically, it ensures that package filenames starting with 

The policy implements filename prefix check to target only packages where the filename starts with 

. The regex match for SemVer, scans those h11- files, and it enforces a filename pattern where 

Finally, policy introduces mismatch handling, where the filename does not conform to this SemVer pattern with an approved extension, the policy matches and produces a human-readable message explaining why.

Policies are considered terminal by default. When a match occurs, execution stops and the associated actions trigger. This is the policy evaluation flow. Policies are evaluated in order of their precedence (lowest number = higher priority). When a policy’s Rego rule evaluates to 

, it’s considered a match. By default, Cloudsmith stops evaluating any further policies after this match. The actions associated with that matching policy (like tagging, quarantining, or changing state) are immediately triggered.


For a Cloudsmith EPM policy to be enforced, it needs an associated 

 that defines the name and description of the policy, but also whether it’s enabled by default or is terminal, and more importantly defines the precedence at which it’s read:

Upon creation, the API returns a success response indicating the policy has passed validation and is active. The policy is also reflected in the Cloudsmith UI almost instantaneously, ensuring immediate visibility and enforceability within your package governance workflows.


Terminal behaviours matter, and this design is intentional. It allows users to short-circuit processing for high-priority rules, as well as avoiding conflicting actions across multiple policies and keep policy logic simple and predictable.

To apply the policy, you can create a HTTP POST request to the policies API with the 

 reflecting the data that is being sent to that API:

While terminal behaviour is the default, non-terminal policies can be configured explicitly by setting:

This lets evaluation continue to the next policy, even after a match. You can use this when you want multiple policies to apply, if you're using multiple independent tagging or analysis rules, or if you need layered enforcement, like tagging, then quarantining.

 (to Quarantine package and render them unusable) or 

 (with context for further reviews) via the API. Each policy can have multiple actions with a defined precedence. Once you have a Policy Slug generated from the created Cloudsmith EPM policy, you can assign a tagging action for your policy ID:

A straightforward way to test this policy is to take a package that already has a valid SemVer-compliant filename and rename it by replacing the version number with a placeholder like “test.” For example:

Cloudsmith's REST API enables full Create, Read, Update, Delete (CRUD) operations on policies and their components. This is where automation shines:

Create or update policies dynamically from CI/CD scripts.

Simulate policy evaluations with real or staged package metadata.

Apply tagging or quarantining logic that integrates with your observability or DFIR tools.

 is currently the best fit for automating Cloudsmith EPM policies due to its flexibility in shell scripting (such as 

). Github Actions also provides an easy integration with rego files stored in your repo, secure handling of secrets such as the API Key, as well as built-in CI/CD lifecycle for validation, simulation, and deployment.

 before applying policies in production. This dry-run capability helps ensure your Rego logic behaves as expected, reducing the risk of false positives, which could result in things like blocking good artifacts.

The response contains a list of packages that were tested, with fields like 

 that would be taken if the policy is enabled. You can add a package search query to filter the packages being evaluated. This reduces all the packages to apply the policy to.

You can disable the policy either on policy creation, or at a later time via the API, as seen here:

 will tell users whether the policy matched the scope of their package:

Once the package is pushed to Cloudsmith, you can check your 

 package name to see if the package data is the data you expected to see in the policy evaluation:


If the policy is no longer required, you can use the 

By combining EPM with Cloudsmith's flexible REST API, you unlock a powerful new paradigm:

Governance that’s automated and programmable.

Policies defined by your logic, your rules.

With Cloudsmith, developers and platform engineers can treat security and compliance as first-class, automated citizens in their CI/CD systems. Whether you’re integrating with Terraform, GitHub Actions, or your own orchestration tooling, Cloudsmith EPM gives you the control you need to secure your software supply chain your way.

Nigel Douglas

Head of Developer Relations

Unlocking API-driven policy-as-code automation with Cloudsmith EPM

Why we chose it, how we built on it, and where we’re going next

Ensuring the integrity of open source software is a growing priority for organizations of every size. But doing it in a way that doesn’t slow down developers is hard.

We believe the right long-term answer is a curated repository of known-good open source software that is continuously verified, with your organization’s security and compliance policies applied, and deeply integrated into your core workflows.

Cloudsmith is the right place to do this. We’re not just hosting packages; we’re providing the control plane and data plane for the software supply chain. And that starts with how we handle vulnerability data and threat intelligence.

We chose Trivy as the base for vulnerability scanning at Cloudsmith because it’s open source, fast, and widely trusted. 

We integrated Trivy into our cloud-native platform, giving our customers access to 

We’re expanding beyond Trivy, ingesting multiple data sources and ultimately adding pluggable security integrations.

 A curated, secure, resilient software supply chain that keeps developers productive and organizations safe.

 early on, as we were building Cloudsmith. It’s open source, well-supported, and widely trusted. It offers support for containers, OS packages, language dependencies, SBOMs and secrets scanning. It’s also well-maintained; with over 27,000 GitHub stars, millions of downloads, and millions of users, the global developer community clearly values the capability that Trivy provides.

It’s no surprise that Trivy is the default scanner in many other platforms. But integrating it into a cloud-native platform like Cloudsmith, where artifacts are constantly being pushed, pulled and promoted across repositories, meant solving for cloud scale, automation, and extensibility.

Trivy helped us get high-quality results fast. Here’s how we super-charged it for our customers.

Every artifact pushed to or cached through Cloudsmith is scanned automatically, without any manual configuration or setup required. This means security is built into the pipeline from the very first interaction. The scans run in the background, ensuring zero friction for developers while giving teams continuous visibility into security risks.

: Every Docker/OCI image published to Cloudsmith is automatically accompanied by an SBOM in the CycloneDX format. CycloneDX is widely supported across security tools and ecosystems, making it easy to integrate SBOMs into your broader supply chain risk management processes. By leveraging Trivy’s SBOM capabilities, we ensure that every image has a clear and standardized inventory

Because Cloudsmith is a universal artifact management platform, we can centralize vulnerability data for our customers across all of their formats and surface that information to them across their workspace. 

Cloudsmith is designed to work at global scale, so when we integrated Trivy as our scanner, we knew it needed to keep up too. Cloudsmith is 

proven to handle > 1 million requests per minute

 and we execute millions of vulnerability scans as customers add to their repositories.

Quarantine or notify when users are accessing insecure packages using Cloudsmith’s OPA based 

SAML, SCIM, OIDC, logging, and ISO 27001 compliance ensure a 

With Trivy running reliably across our platform, we started rethinking how to keep vulnerability data fresh and actionable.

We ingest CVE data continuously, from Trivy and also from additional sources like 

. And we apply that data to artifacts already in your repositories. That means no need to trigger rescans.

New advisory published? We re-check your existing packages against fresh data.

Define rules using CVSS, EPSS, license metadata or any other detail about your package, and act on them automatically.

 Every match, every decision, and every policy action is logged.

So we can add data sources like OSV.dev and package health signal data.

This turns scanning into a real-time feedback loop, so you can catch new risks as soon as they emerge.

The presence of CVEs isn’t the only signal about the quality of software packages. Our goal is to help you make better decisions about all the software in your supply chain based on trust, context, and quality, in addition to known vulnerabilities.

 New feeds (OSV, GitHub advisories, OpenSSF Scorecards) deepen our vulnerability data and unlock additional package formats.

 Build policies based on how well-maintained a package is, whether it has good documentation, how widely it’s been adopted, and other indicators of package health

 SBOM generation for additional formats, so you can build custom policies from your SBOM metadata.

Trivy kickstarted it. Cloudsmith takes it further.

Push an artifact. Let Cloudsmith scan it, sign it, apply policies, and let you know when new threats emerge. Security shouldn’t slow you down. With Cloudsmith, it doesn’t.

 Push an image or package and watch your policies kick in, so you can sleep easier tomorrow when the next CVE lands.

Ciara Carey

Solutions Engineer

Using Trivy Inside Cloudsmith

Improper artifact integrity validation is a critical vulnerability in CI/CD pipelines characterised by insufficient mechanisms to cryptographically verify the authenticity and integrity of code and build artifacts traversing the pipeline. When these controls are weak or absent, adversaries with access to any pipeline stage can inject malicious or tampered artifacts that appear legitimate, enabling undetected propagation through the pipeline and eventual deployment into production environments.

This issue originates from the failure to enforce strong cryptographic validation of artifacts and dependencies within the CI/CD workflow. Because modern pipelines frequently integrate internally developed code, third-party dependencies, container images, and Infrastructure-as-Code (IaC) manifests, multiple vectors exist where unverified or malicious components can infiltrate.

In particular, attackers exploiting weak artifact validation can:

Insert malicious code in source commits, bypassing code signing controls.

Replace build artifacts or dependencies in artifact repositories or mirrors.

Modify cryptographic hashes or signatures to spoof legitimate artifacts.

Exploit lack of multi-source verification to propagate tampered components.

Without strong end-to-end integrity checks, the CI/CD pipeline can end up acting as a trusted path for delivering compromised software.

Why Artifact Integrity Validation Matters

Artifact integrity validation guarantees that every software package, container image, and configuration file has not been altered from its original, verified state. This is achieved through cryptographic hashes (eg: SHA-256), digital signatures, and metadata attestations which provide strong guarantees of provenance and immutability.

By rigorously validating artifacts, development teams ensure:

Protection against supply chain attacks involving compromised dependencies or build outputs.

Detection of unauthorised modifications during artifact transit or storage.

Preservation of pipeline trust boundaries, preventing malicious code from reaching production.

Failures in integrity validation have severe consequences, including covert insertion of backdoors, data exfiltration, service disruptions, and erosion of trust in automated deployment systems.

The Multi-Source Challenge in Modern Pipelines

The wide variety of inputs in CI/CD pipelines can introduce risk at every turn. For starters, code is often contributed by numerous developers spread across different teams and geographies, which means there's a constant stream of changes flowing into the system. These code commits can vary widely in quality and intent, making it critical to validate each one thoroughly. At the same time, build artifacts are produced incrementally at various stages of the pipeline. While this modular approach increases efficiency, it also opens up the possibility for inconsistencies or vulnerabilities to creep in if not carefully managed.

Another layer of complexity is added by the dynamic resolution of third-party dependencies and container images, which are frequently pulled in on the fly. These external components may not always be trustworthy or up-to-date, and can act as silent entry points for malicious code. Finally, the deployment process itself often relies on IaC templates, which are sometimes sourced from multiple repositories. This fragmented structure makes it harder to maintain visibility and control over what’s actually being deployed. Altogether, each of these inputs expands the pipeline's attack surface, further emphasising the need for rigorous validation and security checks at every step.

Core Components of Artifact Integrity Validation

Ensuring artifact integrity throughout the CI/CD pipeline is not a single-step task, you’ll need to implement a comprehensive, layered approach that addresses security at multiple levels. At the heart of this process are cryptographic checksums and digital signatures, such as 

 signatures. These mechanisms verify that both source code commits and generated artifacts remain unaltered from their original, trusted state, providing a foundation of authenticity and non-repudiation. However, simply generating secure artifacts won’t solve all the issues. These artifacts must also be stored and distributed in a secure manner.

This is where secure artifact repositories come into play

. These registries should be trusted, access-controlled, and designed to prevent tampering, ensuring that only authorised users and processes can interact with stored artifacts. Just as important is the secure transport of artifacts across pipeline stages. Enforcing end-to-end TLS encryption, along with mutual authentication between services, helps protect against interception or unauthorised modification during transmission. Underpinning all of this is the robust key management systems.

Signing keys must be protected using Hardware Security Modules (

) or other secure vault solutions, with automated key rotation policies in place to reduce the risk of compromise over time. Together, these components form a cohesive security framework that protects artifacts from the moment they’re created, through every stage of the pipeline, all the way to final deployment.

Hypothetical Tampered Artifact Injection Workflow

This type of attack re-emphasises the necessity for multi-layered validation and continuous monitoring in CI/CD pipelines.

How Cloudsmith Can Help Secure Artifact Integrity

Cloudsmith is a fully managed, cloud-native artifact repository built from the ground up with a focus on security and supply chain integrity. It offers a comprehensive set of capabilities designed to protect against risks like tampered, mis-validated, or malicious artifacts.

Cloudsmith enforces immutability by ensuring that once an artifact is uploaded, it cannot be altered or deleted. This guarantees that the artifact remains in its original, trusted state. The attestation, along with the certificate, is recorded in Sigstore’s 

, providing a permanent record of the artifact’s authenticity and provenance. Each artifact is versioned and linked to cryptographic hashes and rich metadata, providing a complete audit trail that can be used for traceability and forensic analysis in the event of an incident.

Cloudsmith supports automated signing of artifacts using tools like Sigstore’s 

 for provenance, making it easier to embed trust into your software supply chain. These signatures can be verified before deployment or distribution, ensuring that only authorised and untampered artifacts are used in production environments.

Fine-Grained Access Control & Authentication

 and the ability to generate tightly scoped API tokens, Cloudsmith allows organisations to precisely define who can publish, read, or delete artifacts. This reduces the surface area for internal threats, and helps ensure that only trusted individuals can interact with critical software components.

Multi-Protocol Support with Secure Transport

 and protocols - including REST, OCI, Maven, npm, NuGet, Python (PyPI), and more. All transfers are encrypted with TLS, providing confidentiality and integrity during transit and reducing the risk of man-in-the-middle (MitM)-style attacks.

Cloudsmith integrates seamlessly with popular CI/CD platforms like 

, and so much more. These integrations allow teams to automatically publish signed artifacts and enforce policy checks (such as signature validation or provenance verification) at every stage of the delivery pipeline, embedding security directly into the development workflow.

 that provide a timeline view of non-package (but typically administrative) actions that have occurred within the repository, such as creating/modifying repository Retention Rules or creation of an Entitlement Token. These logs are essential for compliance and incident response, providing visibility into potential unauthorised usage patterns within the platform and development teams.

By using Cloudsmith as a central, security-aware artifact repository, your team can enforce strong cryptographic validation, limit exposure through precise access control, and maintain a clear audit trail. This makes it significantly harder for malicious or improperly validated artifacts to enter and propagate through the software supply chain.

To effectively defend against vulnerabilities stemming from inadequate artifact integrity validation, teams should adopt a series of interlocking best practices that reinforce trust across every stage of the software supply chain. A foundational step is implementing signed commits and enforcing commit signing policies within Source Code Management (

) systems. By requiring all commits to be signed with verified developer identities (and rejecting those that are not) businesses can ensure the authenticity of code contributions and trace their origins with confidence.

Beyond the source code itself, artifact signing and the use of in-toto attestations are critical for verifying the integrity and provenance of build outputs. With the right tooling, teams can sign every artifact generated during the build process and produce cryptographically verifiable attestations that describe how, when, and with what inputs those artifacts were created. This establishes a transparent, tamper-evident trail from source to binary.

Third-party components are another common source of risk. To mitigate this, it’s essential to perform multi-source integrity checks on all external dependencies. This means verifying package or container digests against official vendor-provided checksums and cross-referencing those results with additional trusted sources, reducing the chance of accepting a compromised or spoofed dependency.

Equally important is the secure storage of build artifacts. Repositories such as Cloudsmith provide access controls, audit logging, and built-in protections against unwarranted changes, helping to ensure that only validated artifacts make it into later stages of the pipeline or into production environments.

Finally, security shouldn't end once an artifact is deployed. Continuous drift detection and monitoring are crucial for identifying anomalous changes to IaC configurations or runtime environments. Free open-source tools such as Sysdig’s 

 can help detect early signs of Github account modifications, allowing teams to respond quickly and maintain a strong security posture over time.

Together, these practices create a resilient defence against integrity-based attacks, reducing the risk of compromised artifacts reaching production systems.

Improper artifact integrity validation remains a critical attack vector threatening software supply chain security. By adopting comprehensive cryptographic validation, secure artifact storage, and vigilant monitoring (all achievable within Cloudsmith) you can significantly reduce the risk of malicious code propagating unnoticed into production environments.

In the next and final instalment of this series, we will examine the last major risk identified in the OWASP Top 10 for CI/CD systems, which deals explicitly with insufficient logging and visibility. Reading through this series, and the associated 

, readers should be provided with a consolidated framework for securing their entire software delivery lifecycle end-to-end. Stay tuned.

OWASP CI/CD

OWASP CI/CD Part 9: Improper Artifact Integrity Validation

Cloudsmith 2025 Artifact Management Report

 offers timely insights into how engineering and DevOps teams are evolving their approach to software artifact management and software supply chain security. With supply chain attacks on the rise and Generative AI reshaping development practices, teams are reevaluating how they manage, secure, and scale their artifact repository infrastructure.


Security Leads All Priorities in Artifact Management

Security stands out as the top priority among artifact management users. In our survey of 307 professionals, over half (171 respondents) identified security benefits, such as centralised vulnerability scanning, access control, and protection against software supply chain threats as the most valuable aspect of their current solution.

The rapid shift to cloud-native development has introduced greater speed and flexibility but also new layers of complexity and risk. Teams are navigating increased regulatory scrutiny while working to deliver software faster than ever.

Artifact management has become a foundational tool across organisations of every size. The survey data shows widespread usage, with larger organisations facing more intricate security challenges around access, availability, and governance.


 work in organisations with 50 or more developers, highlighting the operational scale at which artifact solutions must now perform.

A Broad View of Roles and Responsibilities

The impact of artifact management tools spans multiple disciplines. Respondents represented a wide variety of roles, showcasing the cross-functional importance of artifact repositories and software delivery tools, from platform engineering through to specialised SecOps roles.



This diverse representation helped surface pain points and priorities that extend beyond traditional DevOps boundaries.

When asked about the most important factors in selecting an artifact management platform, respondents signalled a need for 


While security remains the most important factor, responses also reflect a demand for efficient, reliable platforms that reduce friction in daily workflows.

Key Trends Shaping Artifact Management in 2025

When asked about the biggest challenges, trends, and opportunities for 2025, survey participants emphasised several core themes:

There’s a clear shift from reactive vulnerability scanning to proactive assurance of software integrity. Platform teams are adopting SBOMs no longer as transparency tools but more so as a critical feature for threat detection, incident response, and forensics. Since these teams are now facing more frequent and sophisticated dependency attacks (such as dependency confusion, slopsquatting etc), priorities are now on artifact signing, verification, and provenance tracking to ensure each binary or package is authentic and untampered in an era defined by AI-generated code samples that we cannot blindly trust. Investing in real-time monitoring of artifact repositories is more urgent than ever to detect insecure packages.

While AI accelerates productivity, it introduces new layers of risk in artifact management. AI-generated code artifacts can bypass traditional vetting processes, leading to increased attack surface from insecure or non-compliant code. These automated CI/CD pipelines must now include flexible policy controls (such as the Cloudsmith’s implementation of 

) to address anomalous behaviour specific to your pipeline. These AI tools that are writing and modifying infrastructure code must be governed by strict security validation layers to avoid introducing vulnerabilities at scale, and similarly, the AI models themselves, often managed as artifacts, require protection against model poisoning, leakage, and unauthorised access.

Scaling isn't simply about performance, it magnifies the overall attack surfaces and risk vectors. Distributed artifact storage across hybrid or multi-cloud environments increases the need for unified access controls and encryption. High-throughput systems must therefore handle secure artifact replication and caching, avoiding stale or compromised versions. Many survey results provided feedback expressing concern that outages and downtime caused by inability to scale infrastructure in self-managed systems is causing teams to unsuccessfully meet their security and compliance controls.

Compliance is evolving into a continuous, security-aligned process rather than a periodic checkbox. Secure artifact management is now essential for compliance with SBOM mandates like the 

. Auditable trails for who built, modified, or accessed an artifact are mandatory in regulated industries such as finance, healthcare, defense. As regulators demand provenance and traceability, artifact managers are integrating attestation frameworks like 

 (Supply-chain Levels for Software Artifacts). Fines for non-compliance, such as open-source license misuse or PII exposure in containers are pushing security to automate policy enforcement in artifact workflows.

Open source remains a double-edged sword - essential but risky without additional controls. Repositories are implementing real-time CVE impact analysis, license verification, and even "trust scores" for third-party packages. Teams are adopting curated artifact registries, where only vetted open-source components are allowed into builds. Tools are increasingly focused on dependency graph analysis, not just to find vulnerabilities, but to understand transitive risk across teams and products. And ultimately greater visibility is needed across multi-team, multi-region development, requiring standardized governance models for how artifacts are consumed and updated securely.

Firsthand feedback on the common challenges faced by teams

Users shared direct feedback on where their current solutions are falling short. Recurring issues included:

“Too much downtime during operations.”
“Single point of failure, poor reliability/performance.”


“Slow performance, especially with large repositories.”
“Outdated Docker images causing slow CI/CD times.”


“Vendor solution was compromised, causing operational loss.”
“Concerns over security risks during deployment.”


“Complex UI makes it difficult for new users.”
“Learning curve and permission management in large teams.”


“Difficult to integrate with our existing CI/CD tools.”
“Integration failures disrupt workflow and force manual intervention.”


“Price increases and vendor locking are hard to justify.”
“Migration complexity slows progress in fast-moving teams.”

These responses reinforce the growing expectation for artifact management platforms that deliver performance, security, and simplicity, without compromise.

Unified Solutions for Modern Software Delivery

As teams prepare for the next wave of software delivery challenges, artifact management is becoming a critical point of leverage. Security leads the way, but success also depends on how well platforms can support scale, productivity, compliance, and evolving developer needs.

The findings from this year’s report seem to point to a common trend that development teams need unified solutions that are secure, scalable, and built for the real-world demands of modern software delivery. If you haven’t already downloaded the report, or you’d prefer to watch the webinar recording, both links are provided below.

2025 Cloudsmith Artifact Management Report

From AI to Scalability: 2025 Trends in Artifact Management

2025 Artifact Management Report

Security is a leading priority for 2025

As Generative AI (GenAI) reshapes the software development landscape, the risks and complexities around managing what gets built, where it comes from, and how it’s secured are growing just as fast. The 

 dives into this shift, offering critical insights into how teams are adapting their infrastructure and software supply chain security practices in response to the AI-generated code.

42% of developers using AI report that at least half of their codebase is now generated by AI tools

. Where in 2024 this might have been considered a theoretical shift, in 2025 we need to accept that this is not a practical reality reshaping how software is written. AI isn't just a helper on the sidelines; it’s actively contributing to the core of modern applications and transforming the day-to-day workflow of developers. While the rapid rise of GenAI is often seen as a leap forward in productivity and innovation, it also introduces new security risks and software supply chain vulnerabilities that can’t be ignored.

Attackers Are Targeting the Software Supply Chain

Adversaries are increasingly shifting their focus from traditional infrastructure attacks to targeting the software supply chain itself. Rather than breaching networks directly, they’re infiltrating the ecosystem through techniques like 

 (the creation of malicious packages with names deliberately designed to mimic legitimate ones).

These deceptive packages are easy to overlook, especially in fast-paced development environments. Developers, often under tight deadlines and relying heavily on AI-assisted tooling to manage dependencies, may unknowingly pull in these malicious components without thorough vetting. The result is a stealthy but highly effective method for attackers to introduce vulnerabilities directly into production code.

AI and automation: a double-edged innovation

Survey respondents anticipate that GenAI-driven automation will bring both benefits and complications, which should accelerate development workflows while also straining infrastructure with unpredictable behaviors and dependency complexities. Tools like 

 promise greater speed and efficiency in coding, but they also raise new red flags for security teams. As automation becomes more deeply embedded in the development process, the potential for AI-generated code to introduce unknown risks or unstable dependencies grows, which challenges the long-held assumptions about trust and reliability in the software pipeline.

These concerns are further amplified by the widespread adoption of Large Language Model (LLM)-based technologies. While LLMs can significantly boost developer productivity, they also pose new threats (such as recommending non-existent or harmful packages). When asked whether AI would worsen open-source 

 risks like typosquatting or dependency confusion, nearly 

a third warning of a significant rise in exposure

These evolving development patterns are expanding an already vulnerable software supply chain. Without rigorous artifact validation and integrity checks, developers face growing risks - not just from external attackers, but also from the very tools designed to help software development teams move faster.

To address these emerging threats, modern artifact management solutions must embed intelligent access controls and offer end-to-end visibility into artifact provenance. With dynamic access control policies, organizations can ensure only authorized users and processes can interact with sensitive assets, reducing the likelihood of unauthorized changes or malware insertion. Coupled with robust policy-as-code frameworks, enterprises can establish and enforce security protocols that adapt as threats evolve, especially in environments where AI-generated code is becoming commonplace.

Where in the SDLC are AI-generated risks coming from?

While the speed and efficiency benefits of using AI in software development are clear, the oversight is not.

Only 67% of developers surveyed review AI-generated code before every deployment

, leaving large portions of production code potentially unvetted. This is quickly becoming a growing vulnerability in the software supply chain. This behaviour, driven by a desire to move faster, is dramatically expanding the attack surface. AI isn’t just introducing new code, it’s also introducing new risks, often at scale. Traditional concerns like artifact integrity, dependency management, and 

 (Software Bill of Materials) are being compounded by AI’s ability to rapidly consume and reuse unknown or untrusted code.

41% of respondents identified code generation as the riskiest point of AI influence

, yet practices around review and trust remain inconsistent:

66% said they only trust AI-generated code after manual review.

Just 20% fully trust AI output without extra scrutiny.

Cloudsmith Blog

Unlocking API-driven policy-as-code automation with Cloudsmith EPM

Using Trivy Inside Cloudsmith

OWASP CI/CD Part 9: Improper Artifact Integrity Validation

Security is a leading priority for 2025

AI is now writing code at scale - but who’s checking it?

Enterprise Policy Management with Cloudsmith

Introducing Cloudsmith’s Enterprise Policy Manager

Enhance Security with Chainguard and Cloudsmith

Take control of user management with Cloudsmith's new SCIM capabilities

OWASP CI/CD Part 8: Ungoverned Usage of 3rd Party Services

Goodbye imagePullSecrets, Hello Kubernetes Credential Providers

CVE-2025-3248: Serious vulnerability found in popular Python AI package