@article{ziebakozarzewski2026software,
  title = {Software Ecosystem Growth Dynamics:  Dependencies, Complexity, Vulnerabilities, and the Influence of AI Tools},
  author = {Artur ZIEBA-KOZARZEWSKI},
  year = 2026,
  url = {https://ibimapublishing.com/articles/JSSD/2026/397496/},
  journal = {Journal of Software and Systems Development},
  volume = 2026,
  pages = 7,
  doi = doi.org/10.5171/2026.397496,
  abstract = {The growing complexity of software development, driven by the extensive use of external dependencies and AI-based development tools, has become an important but still underexplored factor affecting software quality, maintainability, and security. As large language models become increasingly embedded in everyday development workflows, they may also shape decisions that once required more deliberate technical judgement, including whether a new dependency should be introduced in the first place. Although existing research has examined the quality of AI-generated code and the effectiveness of LLM-supported programming, much less attention has been given to the ways in which these tools may influence dependency selection or change the structure of dependency networks. This issue becomes more significant as such networks continue to expand and, in turn, increase security exposure. To address this gap, the study investigates changes in dependency counts in relation to the adoption of AI-based development tools and considers how these changes may affect vulnerability risk.
The methodology combines a longitudinal review of dependency metrics from 2021 to 2024 with correlation analysis and a simple probabilistic model used to estimate the likelihood of multiple vulnerabilities in projects with extensive dependency trees.
The results indicate a strong positive correlation (r ≈ 0.995) between the adoption of AI tools and the growth in dependency counts. They also suggest a high probability—often exceeding 95% in major ecosystems—that an average project will contain at least three vulnerabilities. These findings point to the need for further research on how AI tools affect architectural and dependency-related decisions, as well as for practical strategies to reduce the resulting security risks.},
  keywords = {artificial intelligence, software, dependency, llm, vulnerability},
  note = Article ID: 397496
}
