What's Happening?
A study by Checkmarx has found that 81% of organizations knowingly ship vulnerable code, with AI-generated code becoming increasingly mainstream. The study surveyed 1500 CISOs, AppSec managers, and developers, revealing that half of the respondents use AI security code assistants, and 34% admitted that more than 60% of their code is AI-generated. Despite the widespread use of AI coding assistants, many organizations lack governance around these tools, leading to increased security risks.
Why It's Important?
The findings highlight a significant security challenge as AI-generated code often contains vulnerabilities by default. The lack of governance and security measures around AI coding tools can expand the attack surface, making organizations more susceptible to breaches. As AI continues to play a larger role in software development, secure coding practices and robust security governance will become critical differentiators for organizations seeking to protect their digital assets.
What's Next?
Organizations are encouraged to operationalize security tooling that focuses on prevention and establish policies for AI usage. The study suggests that within the next 12 to 18 months, API breaches via shadow APIs or business logic attacks may become more prevalent. Companies must prioritize embedding security from code to cloud to mitigate risks associated with AI-assisted development.