As many as 18 percent of five Singapore organizations have policies against unauthorized AI tools but lack any mechanism to detect violations, according to JFrog’s 2026 Software Supply Chain Security State of the Union report released in early June.
The figure is the highest rate in Asia Pacific, according to the report, pointing to a broader pattern of security governance that exists but is not enforced in practice.
The Singapore findings, drawn from 174 local respondents as part of a global survey of 1,508 IT professionals across eight countries, revealed that Singapore consistently falls short on enforcement. Meanwhille, leading all eight surveyed nations on network proxy recorded enforcement at 67 percent and AI code scrutiny at 71 percent.
About 54 percent of organizations need a week or more to produce compliance proof per application, despite 95 percent claiming to track application ownership. 59 percent of developers wait a week or more for new open-source package approvals, the slowest rate in Asia Pacific. Only 25 percent have adopted secrets detection, one of the most under-deployed security controls relative to threat volume.
The report noted that these gaps are emerging at a time when global software supply chain attacks have reached record levels, including 171,592 malicious npm packages, 495 weaponized AI models on public registries, and 11.7 million new packages entering supply chains in the past year.
The report also found that 60 percent of Singapore DevSecOps stakeholders cite security governance and policy enforcement as their top time burden, while 41 percent identify reviewing and hardening AI-generated code as a significant drain on resources.
Sunny Rao, Senior Vice President of APAC at JFrog, said Singapore’s governance frameworks represent a genuine competitive advantage, but that policies relying on manual review cannot keep pace with AI-driven development. He said organizations that embed enforcement directly into the pipeline will be best positioned to lead.
Singapore unveils AI supercomputer to advance climate, healthcare studies