AI-generated code poses security risks due to inadequate governance.

A new report by Checkmarx highlights a growing trend in the use of AI coding assistants, which has significant implications for application security and governance. The report surveyed over 1,500 Chief Information Security Officers (CISOs), application security managers, and developers across North America, Europe, and Asia-Pacific. It reveals that AI-generated code now constitutes a substantial proportion of software development across organisations worldwide. According to the findings, over half of the respondents already use AI coding assistants, and 34% report that more than 60% of their code is generated using such tools. Despite the rapid adoption of generative AI in coding, the survey found that only 18% of organisations have formal policies governing the use of AI coding assistants. This points to a significant gap between technological uptake and the establishment of necessary governance frameworks to manage the resulting risks.

The research also highlights that risky development practices, particularly under business pressure, are becoming increasingly normalised. The report states that 81% of organisations knowingly ship vulnerable code. Furthermore, 98% of organisations surveyed experienced a security breach linked to vulnerable code in the past 12 months, marking a notable rise compared to 91% reporting breaches the previous year. Looking ahead, nearly a third (32%) of respondents expect breaches via APIs, including through shadow APIs or business logic attacks, within the next 12 to 18 months. Despite these heightened risks, the report found that fewer than half of the respondents regularly deploy core security tools such as Dynamic Application Security Testing (DAST) or Infrastructure-as-Code scanning. DevSecOps, although widely discussed in the industry, is not yet universally adopted, with only half of the organisations using essential DevSecOps tools, and the figure in North America standing at just 51%. 

Categories: AI Coding Assistants, Application Security Governance, Vulnerable Code Practices 

Tags: AI Coding Assistants, Application Security, Governance, Vulnerable Code, Security Breaches, DevSecOps, Dynamic Application Security Testing, Infrastructure-as-Code Scanning, Software Development, Risk Management 
