The report outlines how AI tools are increasing software supply chain risks by generating insecure code and importing vulnerable dependencies. It also highlights that most Model Context Protocol servers lack crucial safeguards, making them unreliable for enterprise use. Endor Labs urges organizations to treat AI-generated code as untrusted and apply the same security measures as they do for human-written code.

AI-generated code poses significant risks to the software supply chain due to the prevalence of non-existent dependencies, which can be exploited in dependency confusion attacks. A recent study found that a majority of code samples generated by large language models contained these "hallucinated" dependencies, increasing the likelihood of malicious packages being unknowingly installed by developers. This vulnerability highlights the need for careful verification of code outputs from AI models to prevent potential security breaches.