The 2025 Software Supply Chain Security Report: Summary

The annual software supply chain security reports from the major research firms converge most years into a familiar pattern of "attacks up, adoption up, still a gap." 2025 is the first year in a while where the report content materially diverged from the pattern, and the reasons are worth sitting with before the year-over-year numbers numb the interpretation. Three factors make 2025 different: the EU Cyber Resilience Act moved from rulemaking to enforceable implementation dates, AI-specific supply chain risks emerged as a named category with its own numbers, and the regulatory cost of non-compliance became quantifiable for the first time as early CRA enforcement cases appeared. The report this year is more prescriptive than past years because the baseline assumptions changed. This summary is the version we'd give a security leader who does not have time to read the whole 180-page aggregate.

What does the 2025 attack trend data show?

Software supply chain attacks, by the main reporting bodies' joint count, grew roughly 25–30% year-over-year in 2025. The composition shifted:

• Account takeover attacks on package registry maintainers remain the largest attack vector by incident count, but the growth rate is leveling — the ecosystem's adoption of 2FA and provenance is starting to bite.
• Dependency confusion and typosquatting continued growing, with specific spike periods tied to named adversary campaigns.
• Build pipeline compromise grew fastest as a category, driven by a handful of high-profile incidents and broader attacker awareness that CI is the highest-leverage target.
• AI/ML supply chain attacks appeared as a named category for the first time with meaningful incident volume — compromised model repositories, training data poisoning, and malicious fine-tuning datasets.

The operational takeaway: defenses optimized for 2023's attack mix are necessary but not sufficient in 2025. The attention shift toward build pipeline and AI supply chain is the planning signal.

How much did SBOM adoption actually grow?

Meaningfully, and for the first time the gap between "generate SBOMs" and "consume SBOMs" narrowed. The 2025 report numbers:

• ~70% of surveyed software-producing organizations report generating SBOMs for at least some production artifacts, up from ~50% in 2023.
• ~35% report actively consuming SBOMs from vendors in their security workflows, up from ~12% in 2023.
• ~45% report that SBOM quality (completeness, accuracy, depth) is the blocking issue for further consumption.

The quality story is becoming the interesting one. Generating an SBOM is no longer a differentiator; producing an SBOM that is actually machine-consumable at depth is.

What did regulatory enforcement do in 2025?

Three specific enforcement-pattern shifts:

EU CRA early cases. The first enforcement cases under CRA's consumer-protection provisions surfaced in late 2025. The penalties are not yet at the headline level, but the precedent is set: non-compliant products are being named and required to remediate on specific timelines. Expect 2026 to include the first material fines.

Federal SSDF attestation enforcement. The US federal procurement path made SSDF attestation a standing expectation rather than an aspirational one. Vendors without attestation infrastructure are losing bids visibly.

Insurance pricing tied to posture. Cyber insurance premiums in 2025 began pricing supply chain controls specifically — presence of SBOM, active vulnerability program, signing infrastructure. This is a market mechanism that complements regulation and will probably move faster than regulatory enforcement in the near term.

What does AI/ML supply chain data look like?

New category, high growth rate, still small absolute volume. Specific findings from 2025:

• Model hub compromises (Hugging Face, similar) produced a handful of high-profile incidents but the total count is still small.
• Training data provenance is the category most organizations do not have answers for. "We fine-tuned on data from X" is a sentence most enterprises cannot complete with full confidence.
• Embedding models specifically are a supply chain blind spot — they are dependencies, they can be compromised, and most organizations do not track them as supply chain components.
• AI coding assistants are now a named risk category in questionnaires. The data leakage paths, model-substitution risks, and output-trust issues are being explicitly asked about.

If your 2026 plan does not have a named workstream for AI supply chain controls, that's the gap the 2025 report identifies most clearly.

What about time-to-remediation metrics?

Slightly improved but still the binding constraint:

• Median time-to-patch for critical CVEs dropped from ~30 days in 2023 to ~22 days in 2025. Progress, but still slower than the threat model assumes.
• Long-tail distribution is the real problem. Median is fine; P95 is not.
• Reachability-informed prioritization showed measurable effect where deployed — organizations using reachability data reported P95 remediation times ~40% lower than peers relying on CVSS-only triage.

The 2025 report explicitly identifies reachability-informed prioritization as the single highest-leverage control change available to most programs.

What are the biggest gaps the report identifies?

Four:

1. AI supply chain visibility. Named above. Most organizations are at SBOM-for-software circa 2022 maturity on AI components.
2. Build pipeline attestation depth. Organizations generating provenance attestations often produce them at SLSA L1 or L2 quality; L3 adoption lags.
3. Vendor attestation verification. Receiving SSDF attestations from vendors is common; actually verifying the claims is rare.
4. Incident response for supply chain events. IR playbooks for "a dependency we use was compromised upstream" are either missing or outdated in most organizations.

What should 2026 planning take from this?

Five priorities ranked by the report's evidence:

1. Close the AI supply chain visibility gap. Start with AI-BOM inventory.
2. Move SBOM focus from generation to quality and consumption.
3. Deploy reachability-informed prioritization if you haven't. The leverage is higher than any other single control change.
4. Harden build pipeline attestation. Target SLSA L3.
5. Write and rehearse supply chain incident playbooks. The next XZ-class event is not an abstract possibility.

How Safeguard Helps

Safeguard implements the 2025 report's priority list as platform features rather than aspirations: AI-BOM ingest tracks AI components alongside software components in the same supply chain graph; SBOM consumption features make vendor-supplied SBOMs queryable across the portfolio; reachability-informed prioritization is the platform's default triage mode; and SLSA L3-grade provenance attestations are generated automatically from the build pipeline. Griffin AI produces organization-specific versions of the industry year-end report, so the numbers are your numbers rather than the industry aggregate. For security leaders planning 2026 against the 2025 report's findings, Safeguard compresses the gap between the report's recommendations and operational implementation.