Sonatype Research Labs, marking its 15th anniversary this year, published a new analysis on Monday showing that targeted malicious package advisories increased 75-fold between 2023 and 2025, rising from 21 incidents to 1,576. The report, titled "Attacking the Assembly Line", argues this is not a spike in attacker interest but a strategic shift in method.
Where earlier campaigns tried to catch any developer by flooding repositories, the 2024 and 2025 campaigns are increasingly built around specific developers, organisations, or tool ecosystems. Nearly half (47.3%) of all classified open source malware now impersonates trusted software or developer tools, up from around 14% annually between 2021 and 2024. More than 60% of AI-era malicious packages execute during installation, before conventional security controls can intervene. A quarter of malicious packages now use obfuscation and multi-stage droppers.
The research identifies a structural reason for the shift. AI coding assistants and automation tools have accelerated the pace at which developers discover and install new dependencies. Attackers are adapting by targeting that discovery layer rather than hoping developers make post-deployment mistakes. If a malicious package looks legitimate at the point of selection, it can compromise credentials and access tokens before code ever reaches a review stage.
"The AI era forced us to rethink where software supply chain research was headed," said Adam Cazzolla, head of research labs at Sonatype. "Vulnerabilities remain important, but we realised the next frontier is understanding intentionally malicious software and the attackers behind it. That's exactly what Attacking the Assembly Line explores: not just how attacks are changing, but why they're changing."
Brian Fox, co-founder and CTO of Sonatype and steward of Maven Central, offered historical context: "Fifteen years ago, people questioned whether open source vulnerabilities even mattered. Many organisations didn't realise how much open source they were actually shipping. Software supply chain attacks and software composition analysis were not a part of the conversation. Today, every organisation depends on software they didn't write, and attackers know it."
Sonatype Research Labs was founded in 2011 and operates the intelligence underlying the Nexus Repository platform and Maven Central. The full report is available at sonatype.com.
To stay across the latest in cloud, AI and enterprise tech analysis from Compare the Cloud, subscribe to our weekly newsletter at https://www.comparethecloud.net/newsletter