Developers often embody the roles of artists, architects, and inventors. Through their expertise, companies have transformed from emerging startups into industry-leading unicorns. But while developers may have an eye for innovation, they are not, nor should they be, security experts or open-source specialists — despite expectations from security teams.
This disconnect has led to an environment where confidence in delivering zero-vulnerability software far outpaces actual preparedness. A new survey from Lineaje revealed that nearly a third of security professionals (32%) believe they can deliver zero-vulnerability software despite the myriad threats and increasing compliance regulations. While 68% are more realistic, the initial number highlights some critical blind spots in organizations' software supply chain defenses.
Here are the other top findings from the research:
Mounting SBOM Regulations Met with Incomplete Implementation
The overwhelming majority (90%) of today's software architectures are made up of open-source code. Unfortunately, 95% of all software weaknesses are directly attributable to open-source components. The survey found that 34% of security professionals report difficulty identifying and tracking open-source dependencies. The result is an increase in software supply chain attacks, exemplified by the recent easyjson open-source vulnerability.
In an effort to curb these breaches, there has been an increase in software bill of materials (SBOM) regulations, including the US Office of Management and Budget (OMB) Memo M-22-18, Executive Order 14028, and the EU Cyber Resilience Act. However, the research found that 48% of security professionals are falling behind the legislation, and 47% have not started SBOM integration or are still in the evaluating tools and practices stage.
Security Teams Leaving "Small" Vulnerabilities Unaddressed
According to the survey, 38% of security professionals are trying to stay ahead of threat actors by prioritizing the most vulnerable areas of applications. At first, this seems positive. However, it leaves the supposedly less vulnerable areas in the software supply chain open to attack. With AI advancements, all vulnerabilities have the potential to cause catastrophic damage. Without full visibility into all software supply chain dependencies, organizations are likely underestimating risk.
Nearly a third (29%) of teams still lack the tools and processes needed to analyze SBOMs for vulnerabilities. Without the ability to correlate SBOM data with known weaknesses, organizations face delayed detection and response, widening the window of opportunity for attackers.
AI Remediation is Rising, But So Are AI-Driven Threats
Almost all (88%) of security professionals surveyed believed AI has the potential to significantly enhance software supply chain visibility. Over the past few years, there's been an uptick in organizations' desire to use AI for auto-remediation of code. While the readiness to adopt AI to secure code is a good thing, it's only half of the AI equation.
AI also introduces considerable risks. When asked what the most pressing issues with AI are, respondents cited data security and privacy risks (35%) and AI code generation and vibe coding risks (26%). Given that AI code generation and vibe coding significantly increase the software supply chain attack surface, this makes a lot of sense. While AI-powered auto-remediation is a useful tool for combating this increased risk, it is limited to vulnerabilities for which fixes are available. 70% of respondents admitted that when a fix isn't available, they either have no remediation plan in place or are unsure whether one exists.
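The SBOM-correlation gap described earlier and the "no fix available" gap in this section come down to one check, shown here as an added Python example that is not Lineaje's or any vendor's tooling: it parses a constructed CycloneDX SBOM, matches each component's package URL against a constructed advisory list, and separates findings that have a fixed version from those that still need a remediation plan. Every package name, advisory id and version below is made up for illustration.

```python
import json
# Constructed CycloneDX 1.5 SBOM; package names are placeholders, not real projects.
SBOM_JSON = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "purl": "pkg:npm/examplelib@2.1.0"},
    {"type": "library", "purl": "pkg:pypi/otherlib@1.4.2"},
    {"type": "library", "purl": "pkg:golang/github.com/acme/cleanlib@0.9.0"},
]})

# Constructed advisory feed keyed by package URL without its version; "fixed" is None when upstream has no patched release yet.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "purl": "pkg:npm/examplelib", "introduced": "2.0.0", "fixed": "2.1.3"},
    {"id": "ADV-EXAMPLE-2", "purl": "pkg:npm/examplelib", "introduced": "1.0.0", "fixed": "1.9.0"},
    {"id": "ADV-EXAMPLE-3", "purl": "pkg:pypi/otherlib", "introduced": "1.0.0", "fixed": None},
]

def parse_version(text):
    """Dotted numeric version -> tuple of ints (sufficient for the sample data)."""
    return tuple(int(part) for part in text.split("."))

def split_purl(purl):
    """'pkg:npm/examplelib@2.1.0' -> ('pkg:npm/examplelib', '2.1.0')."""
    base, _, version = purl.rpartition("@")
    return base, version

def is_affected(version, advisory):
    """True when introduced <= version < fixed (or when no fix exists yet)."""
    v = parse_version(version)
    if v < parse_version(advisory["introduced"]):
        return False
    return advisory["fixed"] is None or v < parse_version(advisory["fixed"])

def correlate(sbom_json, advisories):
    """One finding per (component, advisory) pair whose version range matches."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        base, version = split_purl(comp["purl"])
        for adv in advisories:
            if adv["purl"] == base and is_affected(version, adv):
                findings.append({"purl": comp["purl"], "advisory": adv["id"],
                                 "fix_available": adv["fixed"] is not None,
                                 "fixed_version": adv["fixed"]})
    return findings

def needs_remediation_plan(findings):
    """Findings that auto-remediation cannot close because no fixed version exists."""
    return [f for f in findings if not f["fix_available"]]

if __name__ == "__main__":
    for finding in correlate(SBOM_JSON, ADVISORIES):
        print(finding)
```

The second list is the one the survey's 70% have no answer for: each entry needs a documented mitigation (isolation, compensating control, or replacement) rather than a version bump.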
Developers can't carry the burden of security by default, and AI, while promising, is no silver bullet. The survey underscores the need for organizations to bridge the gap between ambition and execution by investing in full-lifecycle visibility technologies, enforcing SBOM best practices, and preparing for the risks that come with AI. Without this balanced approach, the aspiration of zero-vulnerability software will remain more fiction than reality.