JFrog has published research showing Australian organisations lead globally in self-hosted AI use and automated software governance. The findings also point to persistent gaps in secrets detection and audit readiness.
The survey found 68% of Australian organisations self-host AI models, the highest rate among the countries surveyed, while 47% use automated controls to block unapproved IDE extensions and MCP servers. It also reported that 67% have full visibility into the provenance of software running in production, the highest level in Asia-Pacific.
The results are based on 165 Australian respondents and form part of a wider survey of 1,508 IT professionals across eight countries. Respondents worked in organisations with software development teams of at least 50 employees.
Global threat rise
The report comes as attacks on software supply chains broaden beyond open-source packages to AI models, developer tools and agent-based systems. JFrog identified 171,592 malicious npm packages in 2025, up 451% year on year, along with 495 malicious AI models and 969 malicious AI agent skills.
It also tracked 56 malicious extensions on OpenVSX, a registry used by AI-focused IDEs. More than 48,000 new CVEs were disclosed globally over the year, a rise of 20%.
Australian businesses are also facing higher costs from cyber incidents. Citing the Australian Signals Directorate's annual cyber threat report, JFrog said the average cost of cybercrime for Australian businesses rose 50% to $80,850 per incident, with supply chain attack routes flagged as a growing risk.
Automation gains
The Australian data points to extensive use of automated controls in software development workflows. More than half of organisations, 53%, approve new open-source packages within five days, making Australia the fastest in Asia-Pacific for this process.
That pace was linked to the use of pre-approved package lists and automated enforcement tools, reducing the need for manual approval. The figures suggest many local organisations have embedded policy controls deeply into developer environments and software delivery pipelines.
Use of self-hosted AI models also stood out. By keeping models within infrastructure under their own control, Australian organisations appear to be taking a more cautious approach to data handling and software governance than peers elsewhere.
Blind spots remain
Despite those strengths, the report highlights areas where controls appear weaker. Only 38% of Australian organisations have adopted secrets detection, meaning most are not actively scanning codebases for exposed credentials, API keys or tokens.
That matters because exposed secrets remain a common route into systems. JFrog found 17,637 exposed tokens across public repositories in 2025, with 33% of AWS credentials and 87% of Hugging Face tokens still active when discovered.
Audit preparation also remains slow for many organisations. Although 67% said they had full visibility into software provenance in production, 44% still needed a week or more to produce compliance audit proof for each application.
The figures suggest traceability does not automatically translate into documentation that can be assembled quickly for regulators, customers or internal governance teams. In practice, many security and compliance teams still appear to rely on manual effort to gather evidence.
Another pressure point is AI-generated code. The survey found 51% of Australian security teams viewed reviewing and hardening AI-generated code as a major time burden, the highest rate in Asia-Pacific.
At the same time, 34% of Australian developers treat AI-suggested security fixes as near-definitive and accept them after only a quick review. That points to a potential mismatch between the speed of AI-assisted development and the scrutiny needed to verify code changes.
Sunny Rao, Senior Vice President, APAC, at JFrog, said the research showed both progress and risk in the Australian market. "Australian enterprises have done something most markets are still working toward - they've built automated gates across the developer toolchain and brought AI models inside their own infrastructure for sovereign control," Rao said.
He said the attack surface had shifted as AI tools became more deeply embedded in software development. "But as AI models become supply chain dependencies and agentic tools gain direct access to codebases and credentials, organisations need a single source of truth that governs every artifact - every binary, every model, every IDE extension - from the moment it enters the pipeline to the moment it reaches production. That's the trust layer Australian organisations need to be secure. Without it, the most automated perimeter in the world still has gaps that attackers can walk through," Rao said.
Rao said the next step was to extend governance across more parts of the software stack rather than relying on isolated controls. "Australia is in a uniquely strong position because the hardest part - building the culture and infrastructure for automated enforcement - is already done. What's needed now is a system of record that extends that discipline to every layer of the supply chain: curating AI models and open-source packages before they reach the pipeline, scanning every artifact for exposed secrets automatically, and using contextual analysis to cut through CVE noise so teams fix what actually matters," Rao said.
He added that compliance processes also needed to be more tightly integrated with software governance systems. "When governance is platform-native rather than bolted on, compliance evidence becomes something the system generates in minutes, not something a team assembles under pressure over weeks. That's how you turn Australia's automation advantage into end-to-end protection," Rao said.