Broadcom Inc. (NASDAQ: AVGO) announced security investments for the Spring and Java ecosystem on June 8, 2026, in response to increased AI-detected security threats. The company released what it described as the largest set of Spring security updates in the framework's 23-year history.

The company reported a 1,700% increase in monthly security advisories from the Spring community between March and April 2026. Spring is used by over half of Fortune 500 companies, according to the press release.

Broadcom's Tanzu division is extending its clean-room build architecture to Java dependencies for the Spring ecosystem. The company stated it will provide day zero access to validated common vulnerabilities and exposures (CVE) patch-only releases through the Spring Enterprise Repository before patches are released to open source.

"Spring is one of the most widely adopted application development frameworks in the world, and as its steward, we have a deep responsibility for its security," said Purnima Padmanabhan, Vice President and General Manager of Broadcom's Tanzu Division.

The security measures include SLSA Level 3-validated software supply chain for Java dependencies and coverage spanning the full transitive dependency graph managed by Spring Boot bill of materials. Spring Boot 4.0 manages 1,768 dependencies, with the full supported portfolio totaling more than 100,000 validated dependency builds.

Broadcom has scaled its investment in AI-assisted security analysis, including frontier model-based scanning and validation workflows to identify vulnerabilities and assess remediation paths across the dependency ecosystem.

The company's VMware Tanzu Spring enterprise support includes certified secure spring libraries, commercial-first release of patches for current and older enterprise-supported versions, and 24x7 support with access to the Spring team.