Supply-chain attacks continued to plague organizations of all sizes in 2025, building on a trend highlighted in the previous year, with threat actors exploiting vulnerabilities in widely used software and cloud services to compromise numerous downstream users. This year saw a continuation of the trend where attackers targeted a single point of compromise, such as a cloud service provider or a software developer, to gain access to potentially millions of their clients.

One notable incident, originating in December 2024 but with ramifications extending into 2025, involved the Solana blockchain, where hackers stole approximately $155,000 from thousands of smart-contract parties. The method involved injecting malicious code into the supply chain, allowing the attackers to profit by surreptitiously diverting funds.

Supply-chain attacks are attractive to malicious actors because they offer a high return on investment. By compromising one entity with a large user base, attackers can achieve widespread impact with relatively little effort compared to targeting individual organizations. This approach has proven particularly effective against organizations leveraging cloud services, open-source software, and other widely distributed technologies.

The rise of artificial intelligence (AI) has further complicated the landscape. While AI offers potential solutions for detecting and preventing supply-chain attacks, it also presents new avenues for exploitation. For example, attackers could use AI to identify vulnerabilities in software code or to automate the process of injecting malicious code into the supply chain.

Experts suggest that organizations need to adopt a multi-layered approach to security, including robust vulnerability management, supply chain risk assessments, and continuous monitoring of their systems. Furthermore, collaboration and information sharing among organizations are crucial for detecting and responding to supply-chain attacks effectively. The development and deployment of AI-powered security tools may also play a critical role in mitigating these evolving threats.

As of late 2025, security researchers are actively working on developing new techniques for detecting and preventing supply-chain attacks, including the use of AI to analyze code and identify suspicious patterns. The ongoing battle between attackers and defenders is expected to continue, with both sides leveraging AI and other advanced technologies to gain an advantage. The focus for 2026 will likely be on proactive measures and enhanced collaboration to strengthen the overall security posture of organizations and their supply chains.