JFrog
Cybersecurity reports and statistics published by JFrog
8 categories, 1 report
Research Reports
Reports and publications from JFrog
Recent Statistics & Reports
495 malicious AI models were identified on Hugging Face.
5/27/2026 • Malicious AI Models, Malware
18% of organizations have zero governance over their IDE or MCP servers inside developers' workflows.
5/27/2026 • Developer Tools
The "Qix" campaign used 25 packages to compromise over 2.5 million downloads.
5/27/2026 • Package Management, Malicious Package
969 malicious AI agent skills were identified carrying high-impact payloads.
5/27/2026 • AI Security, Agentic Tools, Malicious AI Agent Skills
Malicious npm packages surged 451% year-over-year.
5/27/2026 • npm Package, Package Management, Malicious Package
177,000 new malicious packages were detected across registries in the last year.
5/27/2026 • Package Management, Malicious Package
56 malicious extensions were identified on OpenVSX.
5/27/2026 • Malware, Malicious Extensions
Secrets detection is active at just 28% of organizations.
5/27/2026 • Secrets Management, Secrets Detection
45% of security and DevOps professionals say reviewing and hardening AI-generated code is now a major time drain.
5/27/2026 • AI-Generated Code, Workload
97% of organizations claim they have certified model governance.
5/27/2026 • AI Governance, Model Risk
Over 48,000 new CVEs were disclosed in 2025, a 20% year-over-year increase.
5/27/2026 • Vulnerabilities, CVEs
Injection (CWE-74) occurrences grew 3,110%.
5/27/2026 • Vulnerabilities, Injection
66% of analyzed CVEs had minimal real-world applicability.
5/27/2026 • Vulnerabilities, Risk Assessment, CVEs
Only 40% of organizations have adopted malicious package detection.
5/27/2026 • Malicious Packages, Threat Detection
53% of organizations self-host models from sources where malicious payloads have been detected.
5/27/2026 • Model Registries, Malicious Payloads