
Lineaje’s Software Supply Chain Security Summit at Hacker Summer Camp 2025: Top 9 Takeaways

September 10, 2025

Held during the 2025 Black Hat USA conference, the second annual Lineaje Software Supply Chain Security Summit at Hacker Summer Camp brought together leading voices in cybersecurity, software development, and AI to discuss the state of software supply chain security. 

With a full lineup of industry speakers, partners and customers, the Summit tackled the most pressing challenges and opportunities facing the security industry today.

Here are the top 9 takeaways from the experts who are shaping the future of software supply chain security.

1. AI Is Transforming Security, from Copilot to Autopilot

AI is evolving from assistive tools to autonomous agents, introducing new risks like hallucinations and unpredictable behavior. Organizations need to adapt security strategies to probabilistic models, where outcomes aren’t binary but nuanced and dynamic.

2. Security Must Be Embedded in CI/CD Pipelines

In a Summit presentation on the state of DevOps and cloud security, Enterprise Strategy Group’s Melinda Marks emphasized that software supply chain attacks are the incidents people are watching for and waiting to report on, both when calculating their severity and when identifying where improvements are needed. Security needs to be involved at every stage. It’s more important than ever for security organizations to present themselves as enablers of safe AI use as AI increases its presence in workflows.

Traditional security models are too slow to keep up with autonomous, AI-driven development. To keep pace with modern development, security must be real-time, continuous, and developer-friendly, integrated directly into CI/CD workflows without slowing down innovation.

3. Legacy Systems Are Holding Back Progress - Security Tooling Needs A Rethink

Many enterprises still rely on outdated build scripts and pipelines, making it hard to adopt new security tools. In a conversation between Katie Norton of IDC and Cassie Crossley of Schneider Electric, Norton said that securing the software supply chain is like flying a plane while it’s being built. It’s going to take time to see the whole picture. Crossley added that a top concern CSOs have is that they don’t know what’s going into securing the development infrastructure. The solution? Security tooling needs a rethink. 

What’s needed are new security tools that are:

  • Embedded in AI coding environments.
  • Capable of detecting hallucinated packages and vulnerabilities.
  • Invisible to developers but effective in enforcement.

Organizations must balance efficiency with security, especially when integrating tools that work with existing infrastructure. 

4. Binary Analysis Is Empowering Transparency

A growing trend is the use of binary analysis tools to assess third-party software when vendors lack transparency. Binary analysis lets organizations inspect software without any involvement from the vendor. Looking inside software at the point it is sourced reveals both its static makeup and its dynamic behaviour, both of which change and evolve over time. That’s why determining what makes up your software (whether it’s pulled from third-party artifacts or open-source code) is so important. Think of binary analysis as a type of code review: a crucial step in software security that checks for vulnerabilities and software supply chain threats. The process includes reverse engineering to understand the structure of a program, which empowers consumers to evaluate risks independently.
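As a concrete illustration of what "looking inside" a sourced artifact means in practice, here is a small added example (not code from the Summit, Lineaje, or any product discussed above). It parses the ELF64 header of a binary to identify its architecture and entry point, scans the image for embedded library version markers, and reports any component the vendor did not declare. The sample binary, the marker patterns for OpenSSL, zlib and libcurl, and the "declared" component list are all constructed for the example; a real tool would carry a far larger signature set and parse section and symbol tables as well.

```python
import re
import struct

# Constructed sample: a 64-byte little-endian ELF64 header for x86-64 followed by
# padding and a few embedded version strings. This is not a real binary.
ELF_HEADER = struct.pack(
    "<16sHHIQQQIHHHHHH",
    b"\x7fELF" + bytes([2, 1, 1, 0, 0]) + b"\x00" * 7,  # magic, ELF64, LE, version 1
    2,          # e_type: ET_EXEC
    0x3E,       # e_machine: x86-64
    1,          # e_version
    0x401000,   # e_entry
    64,         # e_phoff
    0,          # e_shoff
    0,          # e_flags
    64, 56, 1,  # e_ehsize, e_phentsize, e_phnum
    64, 0, 0,   # e_shentsize, e_shnum, e_shstrndx
)
SAMPLE_BINARY = (
    ELF_HEADER
    + b"\x00" * 16
    + b"OpenSSL 1.1.1w  11 Sep 2023\x00"
    + b"\x00" * 8
    + b"zlib-1.2.11\x00"
    + b"\x00" * 4
    + b"libcurl/8.4.0\x00"
    + b"\x00" * 32
)

MACHINE_NAMES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}


def is_elf(blob):
    """True if the image starts with the ELF magic bytes."""
    return len(blob) >= 4 and blob[:4] == b"\x7fELF"


def parse_elf_header(blob):
    """Return the identity fields of an ELF64 header, or raise ValueError."""
    if len(blob) < 64 or not is_elf(blob):
        raise ValueError("not an ELF image")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class != 2:
        raise ValueError("only ELF64 is handled in this example")
    endian = "<" if ei_data == 1 else ">"
    (e_type, e_machine, _ver, e_entry, _phoff, _shoff, _flags,
     _ehsize, _phentsize, e_phnum, _shentsize, e_shnum, _shstrndx) = struct.unpack(
        endian + "HHIQQQIHHHHHH", blob[16:64])
    return {
        "bits": 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": e_type,
        "machine": MACHINE_NAMES.get(e_machine, hex(e_machine)),
        "entry": e_entry,
        "program_headers": e_phnum,
        "section_headers": e_shnum,
    }


# Constructed marker patterns for three common embedded libraries (assumption:
# the library leaves a "name<sep>version" string in the image).
COMPONENT_MARKER = re.compile(rb"(OpenSSL|zlib|libcurl)[ /-](\d+(?:\.\d+)+[a-z]?)")


def printable_strings(blob, min_len=6):
    """Runs of printable ASCII, the classic first look at an opaque binary."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def embedded_components(blob):
    """(name, version) pairs for every library marker found in the image."""
    return [(m.group(1).decode(), m.group(2).decode())
            for m in COMPONENT_MARKER.finditer(blob)]


def undeclared_components(found, declared):
    """Components present in the binary that the vendor's own list omits."""
    return [c for c in found if c not in declared]


def inspect_binary(blob, declared):
    """Header identity, embedded components, and the gap against what was declared."""
    found = embedded_components(blob)
    return {
        "header": parse_elf_header(blob),
        "components": found,
        "undeclared": undeclared_components(found, set(declared)),
    }


if __name__ == "__main__":
    # Constructed vendor declaration that omits libcurl.
    declared = [("OpenSSL", "1.1.1w"), ("zlib", "1.2.11")]
    report = inspect_binary(SAMPLE_BINARY, declared)
    print(report["header"])
    print("components:", report["components"])
    print("undeclared:", report["undeclared"])
```

The "undeclared" list is the practical output: it is the evidence a consumer can put in front of a vendor, or use to decide whether to accept an artifact, without needing the vendor's cooperation to obtain it.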


5. AI-Generated Code Is Just the Tip of the Iceberg

AI-generated code shouldn’t be left unchecked; it can be as vulnerable as human-written code. The real challenge isn’t just AI-written code, it’s the lack of automated security coverage across all code sources. AI-generated code also raises concerns about trust, quality, and review processes. Threat response teams should pay more attention to developer identity and non-human actors as emerging critical attack vectors.

6. Open-Source Software (OSS) Is Risky but Unavoidable

OSS is everywhere, but trusting its source, prioritizing vulnerabilities, and tracking changes remain major hurdles. Organizations must develop robust OSS governance to manage these risks effectively.

7. AI in Remediation Needs Trust

AI can help patch vulnerabilities, but it will take time for humans to trust automation completely. Approaches will need to be thoroughly vetted before being turned on without human review. Especially in high-stakes environments like medical devices, compliance and safety must be confirmed and consistently reliable.

8. Explainability and Auditability Build Trust in AI

AI can enhance risk analysis by enabling faster detection of vulnerabilities. However, it can also accelerate exploit creation. To trust AI systems, organizations need transparent workflows, clear reasoning, and auditable actions. These features enable rollbacks, root cause analysis, and regulatory compliance.

9. Tooling Gaps Are Slowing Down Security Maturity

Critical tools like Software Bill of Materials (SBOM) generation, secret scanning, and dependency analysis are still underutilized for protecting the software supply chain. As Lineaje CEO and co-founder Javed Hasan has pointed out, the GitHub attack brought attention to SBOM management not only for vulnerabilities in application code, but also for build tools and dependencies.

According to Lineaje’s latest research, 29% of security teams still lack the tools to effectively analyze SBOMs, which makes it harder for organizations to track and prioritize threat responses. In other words, manual processes dominate, and fragmentation across tools makes it hard to build a cohesive security strategy. Organizations must invest in solutions to avoid blind spots in their tracking and threat response strategies. 
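To make the "analyze SBOMs to track and prioritize threat responses" point concrete, here is an added example (not Lineaje's code or research tooling). It loads a CycloneDX-style JSON SBOM, matches its components against an advisory feed, orders the findings by severity, and separately reports components that cannot be matched reliably because they lack a version or package URL. The SBOM contents, the component names, and the advisory entries (including their ADV-EXAMPLE identifiers and the "affected below fixed_in" rule) are all constructed for the example; a real feed would carry proper version ranges and identifiers.

```python
import json

# Constructed CycloneDX-style SBOM; the component names and versions are invented.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "examplelib", "version": "2.3.1",
         "purl": "pkg:pypi/examplelib@2.3.1"},
        {"type": "library", "name": "acme-parser", "version": "0.9.0",
         "purl": "pkg:npm/acme-parser@0.9.0"},
        {"type": "library", "name": "widget-core", "version": "1.4.7",
         "purl": "pkg:npm/widget-core@1.4.7"},
        {"type": "library", "name": "build-helper"},   # no version, no purl
    ],
})

# Constructed advisory feed: a component is affected when its version is
# below fixed_in. The identifiers are placeholders, not real advisories.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "name": "acme-parser", "fixed_in": "1.0.0", "severity": "critical"},
    {"id": "ADV-EXAMPLE-002", "name": "examplelib", "fixed_in": "2.3.0", "severity": "high"},
    {"id": "ADV-EXAMPLE-003", "name": "widget-core", "fixed_in": "1.5.0", "severity": "medium"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(text):
    """Turn '1.2.11' into (1, 2, 11); stops at the first piece with no digits."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def load_components(sbom_json):
    """Components of a CycloneDX JSON document; rejects other formats."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return doc.get("components", [])


def quality_issues(components):
    """Components that cannot be matched against advisories reliably."""
    issues = []
    for comp in components:
        missing = [field for field in ("version", "purl") if not comp.get(field)]
        if missing:
            issues.append((comp.get("name", "<unnamed>"), missing))
    return issues


def match_advisories(components, advisories):
    """Findings for every advisory whose component is present at an affected version."""
    by_name = {c["name"]: c for c in components if c.get("version")}
    findings = []
    for adv in advisories:
        comp = by_name.get(adv["name"])
        if comp is None:
            continue
        if parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
            findings.append({
                "id": adv["id"], "component": comp["name"], "version": comp["version"],
                "fixed_in": adv["fixed_in"], "severity": adv["severity"],
            })
    # Most severe first, then by component name so the order is stable.
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["component"]))
    return findings


def triage(sbom_json, advisories):
    """Prioritized findings plus the SBOM quality gaps that hide potential findings."""
    comps = load_components(sbom_json)
    return {
        "findings": match_advisories(comps, advisories),
        "quality_issues": quality_issues(comps),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_SBOM, SAMPLE_ADVISORIES)
    for f in result["findings"]:
        print(f"{f['severity']:>8}  {f['component']} {f['version']} -> fix in {f['fixed_in']} ({f['id']})")
    for name, missing in result["quality_issues"]:
        print(f"   unmatchable  {name}: missing {', '.join(missing)}")
```

The quality-issue list matters as much as the findings: a component with no version is a blind spot, not a clean result, and reporting it explicitly is what keeps a manual review from silently assuming it was checked.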

The shift of software supply chain security from a niche concern to a foundational business imperative was undeniable at the Lineaje Software Supply Chain Security Summit. With AI poised to fundamentally transform how software is created and secured, the industry faces a critical juncture. To navigate this evolving landscape and keep ahead of the relentless pace of emerging threats, organizations must not only embrace but champion automation, transparency, and speed. The future of secure software hinges on the collective ability to adapt with foresight and agility, turning potential vulnerabilities into opportunities for resilience and readiness.

Stay tuned for insights from our next event: The Lineaje Software Supply Chain Security Forum at the 16th Annual Billington CyberSecurity Summit. 
