Perly Consulting │ Beck Eco

The State of Play

A living index of AI adoption across industries — where established practice meets the bleeding edge
UPDATED DAILY

The AI landscape doesn't move in one direction — it lurches. Some techniques leap from experiment to table stakes in a single quarter; others stall against regulatory walls, technical ceilings, or organisational inertia that no amount of hype can dislodge. Knowing which is which is the hard part. The State of Play cuts through the noise with a rigorously maintained index of AI techniques across every major business domain — classified by maturity, evidenced by real-world adoption, and updated daily so you always know where you stand relative to the field. Stop guessing. Start knowing.

The Daily Dispatch

A daily newsletter distilling the past two weeks of movement in a domain or two — delivered to your inbox while the index updates in the background.

AI Maturity by Domain

[Chart: AI Maturity by Domain. Each dot marks the weighted maturity of practices within a domain, placed on an axis running from Bleeding Edge to Established.]

Dependency management & cross-repository impact analysis

TIER

Leading Edge

TRAJECTORY

Stalled

AI that manages dependencies, remediates vulnerabilities, and analyses the impact of changes across multiple repositories. Includes automated dependency updates and cross-repo change impact prediction; distinct from security code review which examines code logic rather than dependency graphs.

OVERVIEW

Automated dependency management has crossed from experimental into real production deployments at forward-leaning organisations, though most teams still rely on manual or minimally configured approaches. Dependabot and Renovate dominate the tooling landscape, with enterprise teams running Renovate across hundreds of repositories and achieving measurable improvements in patch velocity and developer experience. ThoughtWorks elevated Renovate to "Adopt" status in 2025, and analyst comparisons confirm a maturing ecosystem with 90+ supported package managers. The practice remains leading-edge rather than mainstream because two tensions persist. First, tooling for cross-repository impact prediction is advancing—Snyk, CodeRabbit, and research prototypes now use LLM-based analysis to predict breaking changes, and new solutions like fossabot and GitHub's Dependabot+AI feature enable AI agents to handle complex breaking-change remediation—but no solution yet achieves the precision needed for fully autonomous merging across complex dependency graphs. Second, the supply chain attack surface has shifted: ecosystem-wide adoption of dependency cooldowns (minimumReleaseAge across npm, pnpm, Yarn, Python, and Rust) signals coordinated defense against zero-day exploitation, yet automation failures continue to emerge (GitGuardian 2026 study: 95 malicious PRs auto-merged across 895+ repos in under one hour), demonstrating that tools are still faster than governance. Organisations adopting aggressive automation gain speed but must balance this against supply chain risk and false-positive noise; the gap between the vanguard (Salesforce, Coveo, Uber deploying hundreds of services with cross-repo impact detection) and the field remains wide.

CURRENT LANDSCAPE

Dependabot remains the dominant tool by volume, with 9.9 million PRs across 1.7 million GitHub projects and security fix times under one day. Renovate has become the enterprise alternative: Coveo runs it centrally on Kubernetes across 400+ repositories, and a recent monorepo case study documented a 75% reduction in dependency PRs alongside security patch times dropping from five days to eighteen hours. Renovate now supports 90+ package managers compared to Dependabot's 30, a gap that drives adoption among polyglot teams. Monorepo adoption is accelerating: 63% of companies with 50+ developers use monorepos (2025 data), enabling atomic cross-project dependency changes and instant updates to shared code. GitHub's deprecation of Dependabot PR comment commands in January 2026 signals continued platform consolidation, while in April 2026, GitHub shipped the ability to assign Dependabot alerts to AI agents for remediation, enabling automatic generation of draft PRs for complex breaking-change scenarios. New cross-repository impact detection solutions appeared in April–May 2026: fossabot AI agent detects breaking changes with cross-repo awareness; Uber's production system automatically detects affected services from commits (1.4% of 500K commits affect 100+ services, 0.3% affect 1000+ services) and orchestrates safe rollouts by monitoring deployment health across affected service cohorts; CodeRabbit's multi-repo analysis (GA May 2026) detects API contract breaking changes and dependency drift across linked repositories.

The tooling works, but automation carries hidden risks. Vulnerability scanners still produce false-positive rates as high as 97.5%, and Filippo Valsorda's critique of Dependabot as a "noise machine" reflects widespread practitioner frustration. Function-level reachability analysis can cut false alarms to 37% when applied at scale, and emerging solutions (Snyk breakability analysis, CodeRabbit multi-repo detection) now use LLM-powered changelog analysis to predict whether dependency upgrades will break builds. Vendor platforms are addressing transitive-dependency false positives: Microsoft .NET 10 GA (May 2026) ships package pruning to eliminate false-positive transitive vulnerabilities from bundled runtime libraries, achieving a 70% reduction in spurious reports. Salesforce's Luminary platform (March 2026) eliminates manual cross-service dependency validation by automating real-time health checks across 100+ services and 800 releases.

However, May 2026 demonstrated critical automation failure modes at unprecedented scale: SafeDep documented a coordinated attack compromising utility packages (ansi-styles, debug, chalk) with over one billion combined weekly downloads, with wallet-drainer malware evading static analysis through multi-stage obfuscation; a separate node-ipc malware incident distributed obfuscated credential-stealing payloads across 100+ dependency categories via DNS exfiltration; and the npm supply chain attack affecting 47,000 downstream applications from a single poisoned dependency reveals the cascading risk of cross-repository exposure (SBOM limitations, defense in depth required).

Practitioners implementing AI-assisted triage show leading-edge maturity: thoughtbot's Claude-based review reduces per-PR triage time from minutes to seconds; PRONI Co. deployed Claude Haiku 4.5 to review Dependabot security patches before auto-merge, implementing a 3-layer gate (GHSA + CI + AI) to detect supply chain attack signals (postinstall scripts, provenance gaps) across multiple repositories; CodeRabbit multi-repo detection and AI agent assignment for breaking-change remediation provide additional patterns for cross-repo impact analysis.

Governance gaps remain critical: GitGuardian research documented 95 malicious PRs auto-merging across 895+ repositories without user interaction; TanStack's May 2026 attack exploited GitHub Actions cache poisoning to publish 84 malicious versions with valid SLSA Level 3 attestations in 6 minutes, demonstrating that dependency automation trust models remain bypassable. Transitive CVE clearance requires a dual move: bumping a direct dependency alone cannot prevent CVE regression when lockfiles refresh, because resolvers can legally pick older vulnerable transitive versions; production patterns now require the direct bump plus top-level overrides to force pinned versions across all transitive paths. Pnpm v11 (April 2026) shipped lifecycle script blocking by default and release cooldowns, signalling ecosystem-wide recognition that consumer-side controls must prevent execution before the governance layer can act. Supply chain attacks have increased 400% since 2021, yet 95% of vulnerable component downloads had fixes available; the barrier is not tooling but adoption discipline and policy enforcement independent of automation layers.

The core tension persists: AI-assisted dependency decisions still amplify risk (Purdue 2025: 2.46% vulnerable-selection rate for AI vs. 1.64% for humans), and cross-repository impact prediction visibility gaps remain (RiftMap: no tool answers "if I change this shared module, which repos break and who do I notify?"). Organisations deploying aggressive automation must implement multi-lane triage (production runtime vs. dev-only), ownership routing to blast-radius teams, explicit SLAs tied to exposure windows, and defense-in-depth governance: hard-pinning, dependency firewalls, cooldowns (a 7-day minimum prevents 90%+ of recent attacks), lockfile freezing, and consumer-side policy enforcement.

TIER HISTORY

Research: Jan-2022 → Jan-2022
Bleeding Edge: Jan-2022 → Oct-2024
Leading Edge: Oct-2024 → present

EVIDENCE (114)

— GitLab GA release of SBOM-based dependency scanning with automatic transitive dependency resolution for Maven, Gradle, and Python, directly advancing cross-repository impact analysis capability.

— Mature GA recipe (OpenRewrite 7.34.0+) automatically implements supply-chain security best practice: cooldown periods delaying dependency adoption to allow compromise detection, signaling ecosystem-wide tooling maturity.

— June 2026 npm worm exploiting binding.gyp for install-time code execution, stealing credentials, propagating across 57+ packages with hundreds of versions, demonstrating novel attack vector bypassing traditional monitoring.

— Deep technical case study of TanStack May 2026 attack (84 malicious versions, 42 packages, 12M+ weekly downloads) with valid SLSA Build Level 3 provenance, exposing gap between build integrity and runtime behaviour control.

— GitHub COO explicitly addresses how agentic code generation (1400% growth in 2026) is transforming dependency management patterns, vendoring, and cross-repo PR workflows at scale (14B commits/year projected).

— Real-world incident: 32+ @redhat-cloud-services packages (~80K weekly downloads) compromised with self-propagating worm harvesting credentials, demonstrating critical need for cross-repo dependency tracking and impact analysis.

— Real deployment: Flagsmith explicitly replaced Dependabot with Renovate (June 1, 2026), deployed self-hosted setup, tuned configuration for semantic scopes, demonstrating practitioner tool evaluation and evolution.

— Critical assessment documenting real-world failure mode: automated dependency management accelerated malware distribution (Axios incident in <1 hour across 895+ repos), with 60% of auto-merged malicious PRs unreviewed.

HISTORY

  • 2022-H1: Dependabot and Renovate established as market-leading tools; Dependabot integrated natively into GitHub (product GA for @types support), but empirical research revealed 11.3% deprecation rate due to compatibility issues and notification fatigue. Renovate gained ground with teams needing polyglot configuration (Helm, Terraform). Neither tool addressed cross-repository impact analysis or breaking-change prediction—core unsolved problems keeping the practice in research stage.

  • 2022-H2: Dependabot GA version-update feature reached full production status (documented November 2022), but new research exposed critical limitations: 91% of security alerts targeted unused dependencies; Dependabot false positives (malware alerts) forced GitHub to pause feature; Renovate gained adoption in Microsoft/enterprise polyrepo scenarios. Cross-repository impact prediction and breaking-change detection remained unsolved, compounded by supply chain attack concerns (substitution attacks on npm/PyPI).

  • 2023-H1: MSR 2023 peer-reviewed research examined how real-world projects resolve vulnerable dependencies using Dependabot, confirming ongoing production adoption. GitHub continued investing in Dependabot features (Enterprise automation support documented through March). However, no major breakthrough in cross-repository impact analysis or breaking-change prediction; the core tension between security (rapid patching) and stability (avoiding cascade failures) remained unresolved.

  • 2023-H2: Real-world adoption continued: Rust Cargo adopted Renovate for monthly automated updates (July); GitHub enhanced Dependabot with grouped updates by dependency type (August). Industry analysis quantified the problem's scale: Sonatype reported 96% of vulnerable downloads avoidable but persisting, 3.97B monthly vulnerable components, and average Java apps with 148 dependencies receiving 1,500 annual changes. Operational challenges emerged: WordPress Openverse encountered duplication when both tools ran on the same monorepo, revealing lack of cross-tool coordination. New tooling appeared: Moderne Platform launched dependency visualizations for cross-repo impact analysis (November), marking the first serious attempt to address the core unsolved problem, but too recent to validate effectiveness. Supply chain risks expanded: Endor Labs reported LLM malware detection at 5% precision and ChatGPT API spreading across npm/PyPI ecosystem. The practice remained research-stage as neither Dependabot nor Renovate solved cross-repo impact prediction.

  • 2024-Q1: Ecosystem adoption accelerated with measurable production wins (PR TIMES: 97% CI cost reduction via Renovate; uniget.dev: 6,725+ automated PRs merged at scale). Enterprise vendor investment signaled maturity: Oracle expanded ADM vulnerability auditing across languages. However, Q1 2024 research hardened understanding of core limitations: FOSDEM empirical study of 262 Java projects showed test coverage insufficient to catch breaking changes (47% detection rate for direct dependencies, 35% for transitive). SemVer adherence inconsistent; Endor Labs warned that blind automation amplifies risk without better impact prediction. Innovation continued: open-source tools like dependency-management-data integrated OpenSSF Scorecards; research prototypes (DepsRAG) explored LLM+knowledge-graph approaches to dependency analysis. No mainstream solution yet achieved reliable cross-repo impact prediction; practice remained research-stage.

  • 2024-Q3: Large-scale empirical evidence confirmed Dependabot dominance (9.9M PRs across 1.7M GitHub projects, >65% market share in dependency management activity) with strong security PR acceptance (<1 day fix time), indicating sustained production adoption. Endor Labs research quantified a new strategic insight: function-level reachability analysis shows only <9.5% of vulnerabilities are actually exploitable in production, enabling cost-effective prioritization (>90.5% reduction in remediation burden). However, Dependabot reliability concerns emerged: automated suspension of updates after 90 days of inactivity revealed operational limitations in unattended repositories. Enterprise adoption continued (Senacor: 90% of teams use Renovate, 20% Dependabot), with deployment lifespans spanning months to 3.5 years. Academic research (dependency challenge catalogue) reaffirmed the field's maturity—cataloguing well-known problems (dependency hell, supply chain attacks, SCA gaps) but offering no breakthrough solutions. Cross-repository impact prediction remained unsolved, keeping the practice in research stage despite strong adoption metrics.

  • 2024-Q4: Ecosystem adoption metrics broadened: Linux Foundation and Harvard Census III report (December 2024) aggregated 12M FOSS library observations across 10K+ companies, confirming large-scale production dependency exposure and ecosystem trends (cloud-native growth, Python 3 adoption, Rust expansion). However, reliability concerns hardened: Q4 2024 reports documented Dependabot silent failures, inaccessible logging, and production teams migrating to Renovate. Operational maturity increased but cost concerns mounted as teams deployed at microservices scale (DevoxxFR case: GCP CI/CD costs significant for multi-project dependency automation). Cross-repository impact prediction remained the unresolved constraint, and without reliable breaking-change detection, aggressive automation created operational risk.

  • 2025-Q1: Enterprise adoption patterns shifted toward self-hosted and specialized solutions: SRE teams deployed Renovate on Kubernetes to manage 200+ infrastructure dependencies (February), signaling operational confidence in self-hosted tooling for large-scale environments. Vendor ecosystem diversified: Tricentis launched LiveCompare cross-system impact analysis (GA, February 2025), addressing the core unsolved problem at SAP Fiori scale. However, practitioner adoption barriers hardened: Sonatype (January 2025) reported 80% of dependencies remain un-upgraded for over 1 year; Aikido (March 2025) confirmed 84% of codebases contain known vulnerabilities. No breakthrough in cross-repository impact prediction; the core constraint remained unsolved, keeping the practice in research stage despite strong evidence of large-scale real-world deployment.

  • 2025-Q2: Analyst recognition affirmed dependency management tool maturity: ThoughtWorks Technology Radar (April 2025) elevated Renovate to 'Adopt' status, recommending comprehensive dependency management with automatic PR merging and infrastructure-as-code support. Academic research (MSR 2025, April) provided peer-reviewed evidence that lower-dependency projects achieve superior maintenance practices. Vendor development continued: GitHub shipped Dependabot security update enhancements in Enterprise Server 3.13 (June 2025). However, critical practitioner analysis documented persistent risks: dependency-related failures account for 40% of deployment issues, and adoption barriers remained substantial. No progress on cross-repository impact prediction; the core constraint—reliably forecasting breaking changes across repository boundaries—remained unsolved.

  • 2025-Q3: Deployment scale and impact analysis maturity accelerated: Coveo's production deployment managing 400+ repositories with centralized Renovate on Kubernetes (July) demonstrated enterprise-ready cross-repository coordination. However, empirical research hardened understanding of tool limitations: a 2,414-repo study revealed vulnerability scanners produce 97.5% false positive rates, with function-level analysis reducing false alarms to 37%, exposing critical gaps in cross-repository impact prediction. Practitioner barriers persisted: Snyk analysis documented 70% of security team time spent investigating false positives; Dependabot analysis revealed 73% of ecosystems lack transitive dependency support. Emerging vendor capabilities showed promise: FOSSA announced static analysis and AI agent integration (190% accuracy improvements) for breaking-change detection, but remained pre-production as of quarter-end (September 2025). The core unsolved constraint—reliably predicting breaking changes across repositories—remained the limiting factor for practice advancement.

  • 2025-Q4: Critical empirical evidence emerged on AI-assisted dependency management limitations: Purdue University's peer-reviewed study (December 2025) of 117,062 dependency changes showed AI agents select vulnerable versions 2.46% vs 1.64% for humans, exhibiting net-negative security impact overall. Endor Labs' 2025 State of Dependency Management report (November) confirmed 80% of AI-suggested dependencies contain risks, and Renovate maintainer interviews (December) documented ongoing semantic versioning and transitive dependency complexity. GitHub platform evolution continued: Dependabot deprecation of PR comment commands (October, effective January 2026) reflected platform maturation toward native GitHub features. Practitioner adoption of Renovate and Dependabot remained strong at enterprise scale, but a critical technical constraint emerged: AI agents amplify dependency management risk rather than mitigate it. As of year-end 2025, the practice remained in research stage due to two unresolved constraints: (1) inability to reliably predict breaking changes across repository boundaries, and (2) negative impact of AI-assisted dependency decisions. Without progress on both fronts, aggressive automation and AI integration create mounting supply chain risk rather than reducing it.

  • 2026-Jan: GitHub formalized Dependabot platform maturation by deprecating PR comment commands in favor of native features (January 2026), completing the shift toward integrated tooling. However, critical vulnerabilities emerged: Renovate 42.68.5 patched command injection flaws in Gradle Wrapper and multiple package managers affecting 200+ versions, exposing reliability gaps in a widely-deployed automation tool. Real-world adoption continued at production scale (Productive.io: multi-repository Renovate deployment for front-end dependency management), and new ecosystem players emerged (DepLog.dev SaaS launch), signaling market diversification. Empirical research hardened constraints on AI-assisted automation: synthesis of agent-driven dependency updates confirmed 2.46% vulnerable-version selection rate for AI vs. 1.64% for humans. Practitioner frustration persisted: detailed critiques of Dependabot overhead documented real adoption barriers in enterprise teams. As of month-end January 2026, the core tensions remained unresolved: automation delivers at scale but amplifies supply chain risk; AI assistance produces net-negative security outcomes; and reliable cross-repository impact prediction remained absent from mainstream tools.

  • 2026-Feb: Ecosystem maturity accelerated across multiple dimensions: Renovate expanded platform coverage (Azure Pipelines GA, 90+ total managers) and demonstrated production impact (monorepo case study: 75% PR reduction, 5-day→18-hour security patch time, 2→4 developer satisfaction), validating enterprise-scale deployment patterns. Analyst feature comparison (Dependabot 30 managers vs. Renovate 90+) confirmed tool differentiation and multi-platform targeting. However, adoption barriers hardened: Filippo Valsorda (ex-Google Go security lead) renewed criticism of Dependabot as a "noise machine" due to cascading false positives from security fixes in dependencies (one-line fix triggering thousands of unaffected PRs), recommending govulncheck for reachability analysis instead. Tool evolution continued: Renovate maintainers demonstrated cross-repository file synchronization capabilities (Vendir integration) for managing vendored dependencies, expanding the practice's scope beyond package manager updates. As of month-end February 2026, the practice remained in research stage with production adoption strong but constrained by two persistent challenges: (1) inability of mainstream tools to reliably predict breaking changes across repository boundaries, and (2) adoption barriers from false positive noise, particularly with Dependabot's GitHub-dependent approach.

  • 2026-Q1: Intelligence-layer evolution accelerated on three fronts: (1) Breaking-change prediction matured—Snyk's breakability analysis feature (March 2026) uses LLM-powered analysis of changelogs to classify dependency upgrades as low/medium/high risk; Salesforce's Luminary platform (March 2026) automates cross-service dependency validation across 100+ services by evaluating SLO availability and dependency health before promotion; CodeRabbit's multi-repo analysis (March 2026) extends beyond package managers to detect API contract breaking changes and shared library ripple effects. (2) Supply-chain attack defense standardized—ecosystem-wide adoption of dependency cooldowns (minimumReleaseAge) achieved critical mass: npm, pnpm, Yarn, Bun, Deno, uv, pip shipped cooldown features in six months (Sept 2025–Mar 2026); Renovate, Dependabot, and Snyk made cooldowns default or configurable settings; expert analysis proved eight of ten examined supply chain attacks had exploitation windows under one week, validating cooldown effectiveness. (3) Malware detection advanced—GitHub shipped Dependabot malware detection (March 2026) with OpenSSF Malware Streams integration and auto-triage rules to reduce false positives from name-sharing attacks. Academic research progressed: peer-reviewed paper on automated semantic versioning detection (March 2026, IEICE journal) achieved 0.889 F1-score for major version classification, directly addressing the SemVer adherence problem that amplifies breaking-change risk. Production case studies validated feasibility of cross-framework dependency modernization: The Agile Monkeys remediated 229 vulnerabilities in legacy Spring/Struts system using AI-assisted false-positive filtering and compatibility assessment without multi-year rewrite. The core unsolved constraint—reliable cross-repository breaking-change prediction at production scale—remains partially addressed; emerging solutions (LLM-based analysis, real-time health validation) show promise but have not yet achieved the precision required for fully autonomous merging in complex monorepos. Practice remains in leading-edge tier due to unresolved tension: tooling advances enable faster deployment, but supply chain risk (AI-assisted decision-making, malware evolution) and false-positive noise demand careful operational governance.

  • 2026-Apr: Production cross-repository impact analysis reached new maturity: Uber's engineering case study (April 2026) documented system detecting affected services from commits, monitoring blast radius across thousands of microservices, and orchestrating rollouts to prevent cascading failures—validating feasibility of autonomous cross-repo coordination at massive scale. Uber's iOS monorepo case (150+ engineers, 40+ interdependent modules) further confirmed that monorepo dependency coordination at scale requires dedicated tooling as CocoaPods resolution became a critical bottleneck. GitHub extended Dependabot capabilities (April 2026) by enabling assignment of vulnerability alerts to AI agents (Copilot, Claude, Codex) for draft PR generation, handling complex breaking-change scenarios that version bumps alone cannot solve. New vendor solution fossabot (April 2026) demonstrated production-ready AI agent for breaking-change detection with cross-repository impact awareness. GitHub shipped deployment context feature (April 2026) showing whether vulnerable dependencies are actually deployed to production, enabling teams to triage Dependabot alerts across repository impact. StepSecurity announced cooldown and grouping enhancements for Dependabot (April 2026), controlling update velocity and batching related changes at organizational scale. Practitioner frameworks for monorepo dependency governance matured (1-week cooldown via npmMinimalAgeGate/minimumReleaseAge, lockfile freezing, SHA pinning for GitHub Actions), providing operational patterns for preventing supply chain attack propagation. However, critical vulnerabilities in automation emerged: GitGuardian's supply chain research (April 2026) documented widespread auto-merge workflows becoming attack vectors—95 PRs containing malicious code auto-merged without user interaction across 895+ repositories, with malware spreading in under one hour. Palo Alto Unit 42 threat research (April 2026) documented ecosystem-wide attack shift: wormable propagation via stolen npm tokens, infrastructure persistence in CI/CD, hidden malicious dependencies embedded in real incidents (March 2026 Axios compromise, April 2026 Bitwarden cascade triggered by Dependabot automation pulling poisoned upstream image). Security research (Sonatype, April 2026) revealed AI-generated dependency suggestions carry 27.8% error rate (non-existent/deprecated/unsafe versions) and governance gap: policy enforcement layer needed independent of AI tools to evaluate components against live registry intelligence. Semgrep analysis identified persistent transitive reachability gap: while reachability analysis works for direct dependencies, it fails for transitive chains, limiting cross-repository impact prediction accuracy. SRE practitioner analysis confirmed that continuous automation with 2-week merge SLAs eliminates the compounding risk of quarterly batch updates (6-version jumps, 200-line changelogs, multi-day incidents). Expert analysis confirmed persistent visibility gap: no existing tool answers "if I change this shared module, which repos break and who do I need to notify?"—a core unsolved problem despite 18 months of vendor innovation.

  • 2026-May: Cross-repository impact detection and AI-assisted triage reached production validation: CodeRabbit's multi-repo analysis GA (May 2026) detects breaking API changes, type mismatches, and dependency drift across linked repositories; Uber confirmed (May 2026, published late April) that their production orchestration system prevents cascading failures across thousands of services by monitoring deployment signals from early cohorts. AI-assisted dependency review matured operationally: thoughtbot's Claude-powered Dependabot PR reviewer reduces per-PR triage time from minutes to seconds; PRONI Co. deployed Claude Haiku 4.5 to review Dependabot patches via a 3-layer gate (GHSA + CI + AI) detecting supply chain attack signals (postinstall scripts, provenance gaps) across multiple repositories. Microsoft .NET 10 shipped NuGet package pruning (GA) achieving 70% reduction in false-positive transitive vulnerabilities from bundled runtime libraries. Supply chain attack sophistication and cross-repo impact scale reached critical mass: SafeDep's May 10 incident report of compromised utility packages (ansi-styles, debug, chalk) totaling over one billion combined weekly downloads with wallet-drainer malware; TanStack's May 2026 attack exploited GitHub Actions cache poisoning to publish 84 malicious versions (42 packages) with valid SLSA Level 3 attestations in 6 minutes, demonstrating that dependency automation trust models remain bypassable even when attestation chains appear intact; April 30 npm incident affected 47,000 downstream applications from a single poisoned dependency. Both SBOM-based tooling and provenance attestations addressed compliance transparency rather than prevention, underscoring that defense must shift to consumer-side policy controls (script blocking, cooldowns) independent of automation layers. Governance frameworks matured around multi-lane triage (production runtime vs. dev-only criticality) with ownership routing and explicit SLAs, while the core cross-repository visibility gap ("if I change this shared module, which repos break and who do I notify?") remained absent from mainstream tools.

  • 2026-Jun: Agentic dependency management and ecosystem-wide supply chain attack propagation dominated the landscape. Tooling milestones: GitLab GA'd SBOM-based Dependency Scanning with automatic transitive dependency resolution for Maven, Gradle, and Python (June 6); OpenRewrite shipped a GA cooldown recipe (June 5) automating the 7-day minimumReleaseAge supply-chain best practice across ecosystems; Snyk released Remediation Agent GA (May 29, updated June 8) with a documented 94% improvement in SCA issue fix rates through AI-powered remediation; and GitHub shipped Dependabot alerts assignable to AI agents (April GA, documented in June) for draft PR generation, handling breaking-change scenarios that version bumps alone cannot solve. Two high-profile supply-chain incidents reinforced the stakes: the Miasma attack (June 1-2) compromised 32+ @redhat-cloud-services packages (~80K weekly downloads) with self-propagating worms harvesting cloud credentials, while the Node-gyp "Phantom Gyp" attack exploited binding.gyp (build configuration) to bypass traditional postinstall script monitoring, affecting 57+ packages with hundreds of malicious versions reaching millions of downloads and demonstrating that build-layer execution paths remain attack surface. The TanStack analysis (attack May 11, detailed analysis published June 3) confirmed that SLSA Build Level 3 provenance attestations are insufficient: 84 malicious versions passed every cryptographic check while executing destructive payloads. GitGuardian's April 2026 analysis documented 95 malicious PRs auto-merged without user interaction across 895+ repositories, with malware spreading in under one hour (Axios incident: 5 minutes to auto-upgrade, <1 hour to production at scale). A critical emerging risk, The Aging Agent Problem (AgingBench: 400+ sessions across 14 frontier models degrading below 50% reliability), documented live incidents of AI agents hallucinating non-existent packages and creating phantom dependencies in autonomous dependency resolution loops, a direct supply-chain vulnerability within agentic workflows themselves. Kyle Daigle (GitHub COO) publicly disclosed that agentic code generation is reshaping dependency management at GitHub scale: agents now create thousands of PRs per week, fundamentally changing how cross-repo coordination and vendoring work at the platform level, and GitHub Next published production case studies demonstrating agentic repository maintenance (578 issues closed, 8x issue closure velocity, 10x PR merge velocity across 13 open-source repos). Practitioner adoption continued: the UI5 project demonstrated 160+ Dependabot auto-merge workflow runs, and Flagsmith explicitly migrated from Dependabot to self-hosted Renovate (June 1), indicating tool evaluation at scale. The core tension persists: automation delivers velocity and scale, but agentic workflows, auto-merge patterns, and AI-assisted decisions create new attack surfaces (phantom packages, degraded agent reasoning, misapplied fixes) that governance layers have not yet contained. No mainstream tool answers "if I change this shared module, which repos break and who do I notify?", the foundational cross-repo visibility gap that constrains tier advancement.

TOOLS