The 2025 Artifact Management Report arrives at a moment of profound change for software development teams worldwide. As organizations grapple with unprecedented security challenges, rapid AI adoption, and complex software supply chains, this year’s findings expose the critical gaps and evolving expectations surrounding artifact management. With software now the backbone of nearly every modern enterprise, how companies store, secure, and deliver artifacts has become a strategic priority rather than a backroom IT function.
The report, based on responses from 307 participants spanning development, DevOps, security, and engineering leadership roles, paints a picture of an industry at an inflection point. Security, once a secondary benefit of artifact management platforms, has vaulted to the forefront. A staggering 56% of respondents identified improved security as the leading advantage of modern artifact management tools. This is not surprising given the surge in software supply chain attacks and the exposure risks introduced by AI-generated code.
The threat landscape has evolved dramatically in recent years. Software delivery pipelines have grown more complex and distributed, particularly as organizations embrace cloud-native architectures, multi-cloud environments, and globally dispersed development teams. Unfortunately, with this complexity has come vulnerability. High-profile supply chain attacks and dependency-based exploits have highlighted how poorly managed artifacts and weak governance can create catastrophic security gaps.
To address these risks, modern artifact management solutions are expected to offer far more than centralized storage. Respondents overwhelmingly called for advanced policy-as-code capabilities that automate security checks, enforce compliance, and ensure consistent governance across environments. Real-time vulnerability scanning, intelligent access control, and end-to-end artifact provenance are no longer optional; they are baseline requirements for any organization serious about securing its software supply chain.
These concerns are magnified by the accelerating adoption of Generative AI in software development. AI-powered tools like GitHub Copilot and Anysphere Cursor are already reshaping how developers write code, with 42% of surveyed AI users reporting that at least half of their codebase is now AI-generated. While AI offers undeniable productivity benefits, it also introduces a dangerous new attack surface. The report reveals that 79.2% of respondents believe AI will exacerbate open-source malware threats, with nearly one-third predicting a significant increase in exposure.
Malicious actors are adapting to this new reality with alarming speed. Techniques such as typosquatting and dependency confusion are being supercharged by AI, making it easier than ever for attackers to introduce compromised packages into software pipelines. And while 67% of developers claim they review AI-generated code before deployment, this leaves a troubling one-third of AI-assisted code potentially entering production without adequate scrutiny.
The lack of consistent oversight is compounded by uneven trust models. Just 20% of respondents fully trust AI-generated code without additional review, yet 59% apply extra checks to AI-suggested packages. Meanwhile, 41% of those surveyed identified code generation itself as the riskiest point in the software development lifecycle for AI influence. These statistics underscore an urgent need for artifact management platforms to evolve beyond passive storage solutions and actively safeguard the integrity of AI-assisted development.
Beyond security, performance and usability emerged as the most pressing frustrations with current artifact management tools. Over 25% of respondents cited performance and latency, such as slow artifact retrieval and sluggish CI/CD pipeline integration, as their primary bottlenecks. This frustration is directly impacting software velocity and innovation, particularly for organizations scaling globally or operating in hybrid and edge environments. Legacy platforms, built for static, centralized workflows, are simply failing to keep pace with modern demands.
Usability challenges also loomed large in the feedback, with complex permission models, unintuitive interfaces, and inconsistent version control cited as recurring pain points. As software teams expand and become more distributed, these usability hurdles create friction that hampers collaboration, slows delivery, and increases operational overhead.
The report highlights that selecting an artifact management solution is rarely a unilateral decision. A significant 54% of respondents indicated that they are part of a broader team responsible for evaluating and choosing artifact management tooling. This collaborative, cross-functional approach reflects how foundational these platforms have become to modern software delivery. Decisions around artifact management now involve stakeholders across development, operations, security, and leadership, a testament to the strategic importance of these tools in today’s software ecosystems.
Cost, complexity, and migration barriers also featured prominently in the survey responses. Price increases, vendor lock-in, and painful migrations were cited as key reasons why teams consider switching artifact management providers. These challenges point to an industry still maturing, where platform flexibility, seamless integrations, and transparent pricing remain areas of unmet need.
Against this backdrop, regulatory compliance has become an unavoidable reality for software teams. With global standards tightening and new legislation like the EU Cyber Resilience Act, DORA, and NIS2 coming into force, nearly half of respondents ranked compliance as a top factor when selecting artifact management tools. The emphasis on auditability, traceability, and secure software supply chains has never been more pronounced.
Organizations are under pressure to not only deliver software quickly, but to do so safely, predictably, and in full alignment with regulatory mandates. Legacy tools that lack built-in support for compliance requirements are becoming liabilities. Enterprises are seeking platforms that can enforce policy-as-code at scale, provide granular access controls, and deliver the visibility necessary to meet both security and regulatory expectations.
Perhaps most strikingly, the report illustrates how AI has fundamentally reshaped the software development landscape, and with it, the expectations for artifact management. The rise of AI-generated code is not a distant possibility; it is today’s reality. Developers are under immense pressure to deliver faster, and AI is helping them meet that demand. Yet the accompanying risks (unvetted code, compromised dependencies, and expanding attack surfaces) are growing just as quickly.
Only 29% of teams expressed strong confidence in their ability to detect malicious code in open-source libraries, the very ecosystem where AI tooling often sources its suggestions. In this context, the report’s call for secure checkpoints in AI-assisted development is both timely and essential. Automated policies, artifact provenance tracking, and integration of trust signals directly into development pipelines are no longer theoretical aspirations; they are operational necessities.
The Artifact Management Report 2025 delivers a clear message: the status quo is no longer sustainable. Artifact management has evolved from a behind-the-scenes function to a mission-critical pillar of software delivery. The platforms that will define the future are those that prioritize security, scalability, usability, and AI-readiness by design.
For vendors, this is both a challenge and an opportunity. Those able to deliver modern, cloud-native, globally distributed artifact management solutions that address these emerging needs will be uniquely positioned to lead in a fast-changing landscape. Those who fail to evolve risk being left behind as enterprises re-architect their software supply chains for resilience, trust, and speed.
For organizations, the stakes have never been higher. The pace of software innovation is accelerating, but so too are the risks. Navigating this new reality requires a rethinking of how artifacts are managed, how AI-generated code is trusted, and how security and compliance are embedded into every stage of the development lifecycle.
In this environment, artifact management is no longer a passive, infrastructure-level concern. It is a strategic, cross-functional priority that directly impacts an organization’s ability to innovate, compete, and protect itself from an evolving threat landscape. As the report makes clear, the time to act is now. The future of software delivery, and the security of the global digital economy, depends on it.