Discord Contact
Aaron Bray

Aaron Bray

CEO of Phylum, Inc.
2025 Software Supply Chain Security Trends & Predictions: AI, Shadow Application Development and Nation State Attacks

2025 Software Supply Chain Security Trends & Predictions: AI, Shadow Application Development and Nation State Attacks

Phylum Insights and Resources
In 2025, prepare for increased software supply chain attacks initiated from the open-source ecosystem, more attack types, and expanded attack vectors.
Aaron Bray 6 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

How to Mature Your Software Consumption and Modernize Your Software Supply Chain Security

How to Mature Your Software Consumption and Modernize Your Software Supply Chain Security

Phylum Insights and Resources
Protect your appsec. Malicious packages pose a greater risk to the software supply chain than vulnerabilities. See Phylum Research.
Aaron Bray 6 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies

The xz/liblzma Compromise and Software Supply Chain Security

The xz/liblzma Compromise and Software Supply Chain Security

Phylum Insights and Resources
A Major Threat to Software Supply Chain Security. This attack highlights the risks of relying on open-source libraries without proper scrutiny.
Aaron Bray 4 min read

Phylum Blocks Software Supply Chain Security Attacks

Phylum identifies malicious or risky open-source packages before they enter the software supply chain.

SCA or public databases
82%

of Phylum’s findings are not found by
SCA or reported to public databases

Other curation tools
70%

of Phylum’s findings are not found by
other curation tools

Other software supply chain companies
60%

of Phylum’s findings are not found by
other software supply chain companies