When AI writes your code, your supply chain just got a new stranger in it
For years, defenders worried about which open-source parts sat inside their software. Now an AI assistant is quietly adding parts of its own, and nobody is quite sure who owns the risk.

Key points
- Software supply chain security has spent five years focused on open-source components, after incidents like SolarWinds in 2020, Log4Shell in 2021 and the XZ Utils backdoor uncovered in March 2024.
- AI coding assistants now write or suggest a growing share of production code, introducing a new source of untrusted material into the build pipeline.
- AI tools can invent package names that do not exist, a mistake attackers are already exploiting by registering those fake names with malicious code inside.
- Traditional software bills of materials, the ingredient lists companies keep for their software, do not record which lines an AI wrote or which prompt produced them.
- Security teams are being asked to defend a pipeline where the author of the code is sometimes a statistical model, not a person.
For most of the last five years, the phrase "software supply chain security" meant one thing. What is inside your code?
Which open-source libraries, small bundles of pre-written code that developers pull in to save time, are you using? Which versions? And which of those libraries quietly pull in other libraries three or four layers deep, that no human on the team ever consciously chose?
That was the lesson of SolarWinds, where hackers slipped malicious code into a trusted software update in 2020 and rode it into US federal agencies. It was the lesson again with Log4Shell in 2021, a flaw in a tiny logging component buried inside thousands of products. And once more with XZ Utils in 2024, where an attacker spent years posing as a helpful open-source contributor before planting a backdoor in software used across Linux systems.
The risk, in every case, lived less in the code a company wrote itself and more in the code it inherited.
Now there is a new inheritance to worry about. The AI wrote it.
What actually changes when an AI writes your code?
The author of the code is no longer always a human being, and that breaks assumptions the whole security industry has been quietly leaning on.
When a developer at a bank picks a library, there is a person making a choice. They can be asked why. They can be trained. They can be told, "do not use anything from that repository." When an AI coding assistant, a tool like GitHub Copilot or a similar large language model, suggests a block of code, the picking happens inside a statistical model that nobody fully understands, not even the company that built it.
The assistant might suggest a real, well-maintained library. It might suggest an outdated one with known flaws. It might, and this is already happening in the wild, invent a package name that does not exist at all.
That last one has a name in the security world: slopsquatting. Researchers have shown that AI assistants regularly hallucinate package names, guessing what a useful library might be called. Attackers watch for those guesses, then register the invented names on public repositories with malicious code inside. The next developer who accepts the AI's suggestion installs the malware themselves.
Why the old paperwork does not cover this
Most large organisations now keep a software bill of materials, or SBOM, which is essentially an ingredient list for a piece of software. It records every open-source component, every version, every dependency.
An SBOM does not record that lines 40 to 70 of a file were written by an AI assistant at 2pm on a Tuesday, in response to a vague prompt from a junior developer. It does not record which model produced them, or what training data shaped the suggestion.
As The Hacker News noted in its coverage of the shift, the industry built its defences around one question, what is in your code, and is now facing a second one it has barely started to answer. Who, or what, put it there?
What ordinary customers should take from this
You do not need to understand build pipelines to get the practical point. The apps on your phone, the portals your bank uses, the software running your GP's booking system: more of the code inside them is being drafted by AI, checked lightly by humans, and shipped.
That is not automatically bad. But it means the promises companies make about "knowing what is in their software" are, for now, running behind reality. Expect more disclosures over the next year of vulnerabilities traced back to AI-suggested code. Keep your own software updated. That advice has not changed, and it matters more, not less.



