AI-generated code drives 30% PyPI package surge
Key insights
- PyPI package publication has grown 30% since 2025, with AI-generated LLM tooling identified as the primary driver.
- LLM-generated packages disproportionately misuse eval and exec, creating systemic code execution vulnerabilities across the ecosystem.
- Weekly PyPI request volume is projected to reach 530 billion by end of 2025, an 87% year-over-year increase.
Why this matters
Security teams at companies consuming open-source Python dependencies now face a statistically larger attack surface where risky eval and exec patterns are baked in by default, not by exception. Founders building on PyPI-hosted tooling stacks inherit these vulnerabilities without any signal in the package metadata that AI generation was involved. At the infrastructure level, an 87% YoY jump in request volume means PyPI's abuse-detection and vetting capacity is being outrun by the publication rate, making automated scanning the only realistic line of defense.
Summary
PyPI package publication has jumped 30% since 2025, and the primary engine is AI-generated code — specifically agentic frameworks and LLM tooling churned out at scale by models that don't fully understand the security implications of what they're writing.
A May 17 analysis from rushter.com quantifies the damage: LLM-generated packages disproportionately use eval and exec in ways that create real supply chain exposure, and the volume makes manual review impossible. Weekly download requests are tracking toward 530 billion by end of 2025, an 87% year-over-year increase that outpaces any human-written growth curve.
Essentially: the open-source Python ecosystem (PyPI maintainers, downstream package consumers) is absorbing risk generated by LLM tooling providers who face no accountability for what their models publish.
- PyPI package volume is up 30% since 2025, with LLM-generated agentic frameworks as the identified primary driver.
- Eval and exec misuse in AI-generated packages creates injection and arbitrary code execution vectors at ecosystem scale.
- Weekly request volume is on pace to hit 530 billion by year-end, up 87% year-over-year.
The supply chain risk here isn't hypothetical: the same pattern that made SolarWinds and XZ Utils dangerous is now being replicated automatically, without a human attacker even needing to be in the loop.
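An added example, not code from the original article or from rushter.com: a minimal AST-based check of the kind automated scanning would run to flag eval and exec calls, separating string-literal arguments from dynamically built ones. The sample module, the function names and the severity labels are assumptions constructed for illustration.

```python
import ast

RISKY = {"eval", "exec"}

# Constructed sample standing in for one module of a package under review.
SAMPLE = '''
import builtins
def run_tool(spec, user_expr):
    a = eval("1 + 2")
    b = eval(user_expr)
    exec(spec["code"], {})
    c = builtins.eval(f"len({user_expr})")
    return a, b, c
'''

def _call_name(func):
    """Return 'eval'/'exec' for bare or builtins-qualified calls, else None."""
    if isinstance(func, ast.Name) and func.id in RISKY:
        return func.id
    if (isinstance(func, ast.Attribute) and func.attr in RISKY
            and isinstance(func.value, ast.Name)
            and func.value.id in ("builtins", "__builtins__")):
        return func.attr
    return None

def scan_source(source, filename="<memory>"):
    """List eval/exec calls; 'dynamic' means the code argument is not a string literal."""
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as err:
        return [{"file": filename, "line": err.lineno or 0, "call": None, "severity": "unparsable"}]
    findings = []
    for node in ast.walk(tree):
        name = _call_name(node.func) if isinstance(node, ast.Call) else None
        if name is None:
            continue
        # A missing or computed first argument (f-string, variable, subscript) counts as dynamic.
        arg = node.args[0] if node.args else None
        literal = isinstance(arg, ast.Constant) and isinstance(arg.value, (str, bytes))
        findings.append({
            "file": filename, "line": node.lineno, "call": name,
            "severity": "review" if literal else "dynamic",
        })
    return sorted(findings, key=lambda f: f["line"])

if __name__ == "__main__":
    for f in scan_source(SAMPLE, "sample.py"):
        print(f"{f['file']}:{f['line']}: {f['call']}() [{f['severity']}]")
```

This check only sees direct and builtins-qualified calls; aliased references such as `e = eval` are not resolved and need a separate pass.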
Potential risks and opportunities
Risks
- Enterprises with Python-heavy stacks (financial services, healthcare data pipelines) could face undisclosed eval/exec exposure in transitive dependencies before security audits catch the pattern in Q3 2025.
- PyPI itself faces reputational and operational risk if a high-profile supply chain compromise is traced to an AI-generated package, potentially triggering regulatory scrutiny of open package registries.
- LLM tooling providers (OpenAI, Anthropic, Google) whose models generated the flagged packages may face pressure from enterprise customers to add publication guardrails or accept liability for downstream security incidents.
Opportunities
- Software composition analysis vendors (Snyk, Chainguard, Socket.dev) can differentiate immediately by shipping AI-generated package detection and eval/exec pattern flagging as a named feature.
- PyPI alternative registries or private mirror services targeting enterprises (Artifactory, AWS CodeArtifact) gain direct sales leverage by offering curated, AI-generation-filtered package feeds.
- Security researchers and red teams have a well-scoped, high-value audit target: systematic scanning of post-2025 PyPI packages for eval/exec misuse could surface exploitable packages before threat actors do, with responsible disclosure as a credibility builder.
What we don't know yet
- Whether PyPI's current maintainer review capacity and automated scanning tools have been updated to flag eval/exec patterns specifically introduced by LLM-generated packages.
- Which specific agentic framework publishers or LLM tooling categories account for the largest share of the 30% volume increase, and whether any have been notified.
- Whether the 87% YoY request volume growth reflects legitimate downstream adoption or includes automated crawling and dependency resolution inflation from CI/CD pipelines.
Originally reported by rushter.com
Original headline: PyPI Package Volume Surges 30% Since 2025 Driven by AI-Generated Code — LLM Packages Show Risky eval/exec Patterns at Scale