The findings, released today in the Cloudsmith 2025 Artifact Management Report, highlight a widening gap between AI adoption in software development and oversight of the associated risks. 20% of developers said they trust AI-generated code “completely”. While 59% apply additional scrutiny to AI-generated packages, only 34% use tools that enforce policies specific to AI-generated artifacts, and 17% report having no such controls in place at all.
“Software development teams are shipping faster, with more AI-generated code and AI agent-led updates,” said Glenn Weinstein, CEO at Cloudsmith. “AI tools have had a huge impact on developer productivity, which is great. That said, with potentially less human scrutiny on generated code, it’s more important that leaders ensure the right automated controls are in place for the software supply chain.”
The report also found that 86% of developers have seen an increase in use of AI-influenced packages or dependencies over the past year, with 40% calling that increase “significant”. Despite this, only 29% of respondents felt “very confident” in their ability to detect vulnerabilities within open-source libraries, where AI tooling is likely to draw suggestions.
“Controlling the software supply chain is the first step towards securing it,” added Weinstein. “Automated checks and use of curated artifact repositories can help developers spot issues early in the development lifecycle.”
