AI’s Impact on Open Source: Insights from the Latest Trusted Open Source Report
In December 2025, the inaugural State of Trusted Open Source report provided valuable insights into open source software consumption, highlighting the projects, versions, and libraries that teams frequently utilize, along with associated vulnerabilities and remediation efforts. Fast forward a few months, and the landscape has evolved significantly, primarily due to the accelerated integration of artificial intelligence (AI) across the software development lifecycle.
Accelerated Development and AI Integration
The rapid advancement of AI technologies has transformed software development, embedding AI into various stages from code generation to infrastructure automation. This integration has expanded the capabilities of development teams, enabling them to build and deploy applications more swiftly. However, this acceleration also brings new challenges, particularly in maintaining security within the open source ecosystem.
Methodology of the Latest Analysis
The recent analysis examined over 2,200 unique container image projects, identified 33,931 vulnerability instances, and cataloged 377 unique Common Vulnerabilities and Exposures (CVEs) between December 1, 2025, and February 28, 2026. The terms top 20 projects and long tail projects refer to the most and least frequently used images, respectively, based on real-world usage patterns observed across the customer portfolio.
Key Findings from the Report
1. Surge in Python and PostgreSQL Usage Reflects AI Adoption
Python continues to dominate as the most popular image, with 72.1% of customers utilizing it. This underscores Python’s pivotal role in AI development, serving as the default language for machine learning, data pipelines, and automation tasks. Additionally, PostgreSQL usage experienced a 73% increase quarter-over-quarter, highlighting its growing importance in AI workloads, particularly for vector search and retrieval-augmented generation tasks.
2. Standardization of the Modern Platform Stack
The data indicates a trend toward standardization within the modern platform stack. Language ecosystem images constitute more than half of the top 25 images used in production environments. Python (72.1%), Node.js (60.7%), Java (44.4%), Go (42.8%), and .NET (27%) are leading the runtime layer, reflecting a convergence around these core technologies.
3. Chainguard Base Emerges as a Developer Tooling Foundation
The chainguard-base image, a minimal distroless base image devoid of any toolchain or applications, has become the fifth most-deployed image by customer count. Approximately 36.3% of customers utilize this image, customizing it to include specific developer and operational utilities such as curl, bash, jq, git, and cloud tooling. This trend demonstrates a preference for secure, customizable base environments that can be tailored to specific workflow requirements.
4. AI Accelerates Software Development and Vulnerability Discovery
The integration of AI has led to a significant increase in both software development speed and vulnerability discovery. The report notes a 145% rise in unique CVEs and a 300% increase in fixes applied compared to the previous quarter. This surge reflects the dual impact of AI: facilitating faster code production and enabling more efficient identification of vulnerabilities.
5. Long Tail Projects Present Substantial Security Risks
A notable 96% of vulnerabilities found and remediated occurred in projects outside the top 20 most popular images. This finding emphasizes that while core infrastructure components are becoming standardized, the majority of security risks reside in less visible, long tail projects. Managing these dependencies is crucial for comprehensive software supply chain security.
6. Compliance Drives Adoption of Trusted Open Source
Regulatory requirements continue to influence the adoption of trusted open source solutions. For the first time, a Federal Information Processing Standards (FIPS)-compliant variant of a Chainguard container image entered the top 10 images by customer count. This milestone reflects the growing importance of compliance frameworks such as FedRAMP, PCI DSS, SOC 2, and the EU Cyber Resilience Act in shaping software deployment decisions.
Implications for the Future
The data from this quarter underscores a clear trend: as AI accelerates software development, the volume of code and dependencies increases, necessitating robust security measures. Organizations must integrate security into the development process itself, treating it as an integral component rather than an afterthought. This approach ensures that as development speeds up, security measures keep pace, maintaining trust and reliability in the software supply chain.
Chainguard recognizes the challenges posed by the rapid integration of AI technologies and has introduced products such as Chainguard Agent Skills and Chainguard Actions to address these issues directly. By offering trusted open source solutions, Chainguard aims to provide a secure-by-default foundation upon which organizations can build confidently.
