The "State of Dependency Management 2025" report highlights significant risks introduced by AI coding agents and Model Context Protocol (MCP) servers in software development. As developers increasingly use AI tools, the research from Endor Labs shows that these agents not only generate insecure code but also pull in vulnerable or non-existent open-source dependencies on a large scale. An analysis of 10,663 GitHub repositories revealed that the MCP ecosystem is still immature, with 75% of MCP servers created by individuals lacking enterprise-level safeguards. Additionally, 41% of these servers don't provide any licensing information, which complicates corporate adoption, and 82% utilize sensitive APIs that need stringent security measures. This shift in software supply chain dynamics introduces new vulnerabilities. Unvetted AI-generated code and MCP integrations create additional "links" in dependency chains, broadening the attack surface beyond traditional package managers and build pipelines. To mitigate these risks, Endor Labs urges companies to treat AI-generated code as untrusted input. This means implementing the same rigorous code review and security scanning processes typically applied to human-generated code. The report emphasizes that dependencies contribute significantly to the code developers deliver and the vulnerabilities they encounter. Over four years, Endor Labs has consistently demonstrated through its research how critical dependency management is to software security.