What's Happening?
A study by Checkmarx has found that 81% of organizations knowingly ship vulnerable code, at a time when AI-generated code is becoming increasingly mainstream. The study surveyed 1500 CISOs, AppSec managers, and developers, revealing that half of the respondents use AI security code assistants, and 34% admitted that more than 60% of their code is AI-generated. Despite the widespread use of AI coding assistants, many organizations lack governance around these tools, leading to increased security risks. The study highlights the need for operationalizing security tooling and establishing policies for AI usage.
Why It's Important?
The findings underscore the growing security challenges posed by AI-generated code, which often contains vulnerabilities by default. As AI-assisted development accelerates, the lack of security governance could lead to significant breaches, impacting businesses and consumers alike. Organizations must prioritize embedding security practices from code to cloud to mitigate risks and protect sensitive data. The study serves as a wake-up call for companies to enhance their security frameworks and adapt to the evolving technological landscape.
What's Next?
Organizations are encouraged to operationalize security tooling focused on prevention and establish governance policies for AI usage. The study predicts an increase in API breaches via shadow APIs or business logic attacks within the next 12 to 18 months. Companies must proactively address these vulnerabilities to prevent potential crises and maintain competitive advantage in the software industry.