Supply Chain Risks Exposed: Addressing Multiple Vulnerabilities with Enhanced Visibility


New Vulnerabilities Emerge at Alarming Rate

The global interconnectedness of businesses, coupled with the rapidly evolving software landscape, has turned supply chain security into a top concern. Many organizations remain unaware of their place within the supply chain, making them vulnerable to attacks despite having no control over their own security posture.

CVEs Proliferate at Unprecedented Rate

According to a recent report by Black Kite, the velocity of vulnerability discovery has outpaced the ability to address them, creating a crisis scenario. In 2025 alone, over 48,000 Common Vulnerabilities and Exposures (CVEs) were published, and the average time to exploit vulnerabilities has dropped to a staggering -7 days.

“This means that patches are often released after attacks have already begun exploiting known vulnerabilities.” – Jeffrey Wheatman, Senior Vice President and Cyber Risk Strategist at Black Kite

Visibility is Key to Mitigation

Black Kite’s analysis highlights the importance of visibility into the vulnerabilities that pose a genuine threat to enterprise supply chains. Currently, only 58 of the 48,000 CVEs are identified as posing a significant risk, indicating that visibility is key to reducing the number of vulnerabilities to a manageable level.

Artificial Intelligence Accelerates Discovery

Artificial intelligence (AI) is exacerbating the problem by accelerating the discovery of new vulnerabilities. Furthermore, the growth of easily vibe-coded new applications introduces more weaknesses, and the increased frequency of software updates brings more opportunities for malicious code to be introduced.

Rise of Autonomous Defense

Jeffrey Wheatman emphasizes that the agentic growth of tools is leading to additional exposure, as these tools are granted authorization, authentication, and access. This increases the visibility problem, as IT and security departments may be unaware of the agentic systems being used in their infrastructure.

SBOMs Provide Clarity

Wheatman also highlights the importance of Software Bills of Materials (SBOMs), which can provide details of vulnerabilities in software components. However, the completeness, accuracy, and value of SBOMs are currently debatable.

Conclusion

Ultimately, Black Kite’s original premise holds true: velocity without visibility is the new supply chain crisis, and gaining visibility will help provide the solution. Organizations must work to understand their place within the supply chain and develop effective strategies to mitigate the risks associated with emerging technologies like AI.

