Introduction

Modern business systems are more connected and composable than ever. At the heart of this interconnectivity lies a complex web of software dependencies—open-source libraries, third-party modules, and platform integrations that power everything from finance to forecasting. In ERP systems, dependency management isn’t just a DevOps concern; it’s a security, compliance, and business continuity issue. The rise of agentic ERP systems—intelligent platforms powered by AI agents—introduces both new opportunities and new risks in this area.

Executive Summary

Legacy ERP systems are largely monolithic and slow-moving. Their dependency graphs are shallow but brittle. Agentic ERP systems, by contrast, thrive on agility—using modular architectures, multi-agent frameworks, and rapid iteration cycles. This makes them more adaptable but also more exposed to the modern realities of software supply chain risk.

This report compares the dependency management practices and challenges of agentic and legacy ERP systems, uncovering:

• Why dependency management is less about detection and more about prioritization

• How AI makes remediation harder, not easier

• The limitations of relying on public databases like the NVD

• Why Software Composition Analysis (SCA) tools must evolve to meet the complexity of agentic systems

• Why change impact analysis is the holy grail for modern ERP development teams

Dependency Management All Comes Down to Effective Prioritization

In legacy ERP environments, dependencies are often deeply embedded and rarely changed. As a result, vulnerabilities may remain unpatched for years—either due to fear of breaking core functionality or lack of visibility.

In agentic ERP systems, dependency graphs are broader and constantly evolving. This makes it easier to patch known vulnerabilities—but only if development teams can accurately prioritize what matters. With hundreds of agents, microservices, and API links, choosing which CVE to address first becomes a strategic challenge, not just a technical one.

Dependency Management Is Impossible with Public Advisory Databases Alone

Legacy systems tend to rely on older, well-documented dependencies with public CVE coverage. Agentic ERPs often use bleeding-edge packages or AI frameworks where CVEs lag behind, if they exist at all. Public advisory databases like the NVD are necessary—but not sufficient. They miss:

• AI libraries with undocumented flaws

• Zero-days circulating in private threat channels

• Configuration-specific vulnerabilities that don’t trigger public alerts

Modern ERP platforms need hybrid intelligence: public CVE monitoring plus internal behavioral detection.

Artificial Intelligence Makes Programming Easier, But Dependency Management Harder

AI accelerates development, enabling rapid prototyping and automated agent deployment. But AI also introduces:

• Layered dependencies: An LLM agent may rely on five libraries you didn’t install directly.

• Dynamic dependency loading: Agents may fetch models or tools at runtime, obscuring the true dependency graph.

• Opaque behavior: AI agents can "hallucinate" usage patterns or API calls that pull in untracked components.

Agentic ERP systems must treat AI agent chains as dependencies themselves—with versioning, verification, and rollback controls.

Part 1: Identifying Dependencies & Their Vulnerabilities

Finding Known-Vulnerable Code in Dependencies

Legacy ERPs often integrate large packages with limited modular visibility. Finding vulnerable functions is like scanning a haystack. Agentic ERPs benefit from fine-grained modularity but struggle with transitive dependencies across AI agents and microservices.

Phantom Dependencies Are No Joke

Phantom dependencies—modules included via other libraries or runtime execution—are especially dangerous in agentic systems. For instance, an AI-driven data enrichment agent may silently load a visualization library that pulls in a vulnerable charting package. These dependencies aren’t listed in requirements.txt or package.json—they live in the shadows.

Part 2: Discrepancies and Shortcomings of Vulnerability Databases

Ecosystem Coverage of CVEs

Legacy systems rely on decades-old libraries with good CVE coverage. But modern ERP stacks use JavaScript, Python, and Rust packages that outpace public disclosures. LLM tooling in particular is underrepresented in CVE repositories.

Vulnerability Advisory Publication Delays

Even when CVEs are assigned, publication delays can range from days to months. For mission-critical ERP systems—especially those handling financial data—this delay creates exposure windows that agentic systems must be able to detect proactively.

Public Advisories Lack Code-level Information

A CVE often says: “vulnerability exists in versions <1.2.0.” But what line of code is actually impacted? Legacy ERP systems rarely trace this deeply. Agentic ERPs can, but only if they integrate source-aware tools or AI-based semantic scanners.

Affected Components and Component Versions

Dependency misalignment is common. A vulnerable module may exist in an unused portion of the package—but without clear usage maps, both legacy and agentic systems may treat it as critical. Agentic systems should maintain dependency usage heatmaps to distinguish between theoretical and real exposure.

Notable Impacts of Mature Vulnerability Prioritization Practices

Companies using advanced prioritization (e.g. weighted CVSS + asset exposure + exploitability) dramatically reduce remediation cycles. Agentic ERPs can go a step further by embedding these calculations into agents that triage vulnerabilities in real-time.

Vulnerabilities in AI Projects

Many AI libraries (transformers, tokenizers, vector databases) have:

• Poor CVE discipline

• Few formal disclosures

• Hidden risks in data preprocessing

Agentic ERPs that ingest AI models must treat them as software artifacts with risk footprints, not just “intelligent components.”

Part 3: Why Remediating Known Vulnerabilities Is Hard

Piece of Cake: Pulling a Non-vulnerable Version

Simple in theory. In practice, even minor version bumps can break legacy ERP components. In agentic systems, where modules are loosely coupled, this process is easier—but only if robust testing and rollback mechanisms exist.

Tough Nut: Breaking Changes

A patch may fix a CVE but change how a library handles currency formatting, file uploads, or auth tokens. This breaks workflows silently. Agentic ERPs need agent replay and observability logs to simulate the impact of such changes before deployment.

Holy Grail: Change Impact Analysis

Change impact analysis—knowing exactly what a dependency update will affect—is the missing link. Legacy ERPs often forgo it altogether. Agentic ERPs, built with observability in mind, can generate real-time diffs between versions and simulate downstream effects across agents, ledgers, and dashboards.

Part 4: Software Composition Analysis and Its Role in Dependency Management

SCA Tools Must Do More to Support Remediation Efforts

Traditional SCA tools flag vulnerabilities but offer little remediation guidance. Agentic ERP systems require SCA tools that:

• Provide AI-generated fix suggestions

• Recommend test coverage for patches

• Flag agents relying on affected code paths

SCA Tools Need Inputs from Public and Private Vulnerability Databases

To be effective in real time, SCA platforms in agentic systems must ingest:

• Public CVEs (NVD, OSV)

• Private disclosures (e.g. GitHub security advisories, vendor alerts)

• Behavioral anomaly data from running agents

AI Projects Pose Unique Dependency Management Challenges

Agentic ERPs often include AI-powered reasoning chains, prompt APIs, and agent marketplaces. These elements require:

• Version control of prompts and models

• Risk tagging for models with known vulnerabilities

• Logging of third-party agent behavior and execution paths

Without this, an ERP may be executing vulnerable logic via a seemingly safe AI agent.

Footnotes and References

1. NIST National Vulnerability Database (NVD)

2. GitHub Security Advisories

3. Gartner 2024 – The State of Software Supply Chain Security

4. ReversingLabs 2025 Report – Phantom Dependencies in the Wild

5. OWASP Foundation – Software Composition Analysis Best Practices

6. MITRE CVE Project – Common Vulnerabilities and Exposures

7. Snyk – The State of Open Source Security

8. Leading Agentic AI ERP System Internal Documentation – Agentic Dependency Graphing