Nearly half of all production code is now generated by AI.
Checkmarx surveyed 2,350 engineers, and the results are concerning:
Companies that rely more heavily on AI-generated code ship vulnerabilities at 3.4x the rate of companies that use AI less for coding.
The more AI-generated code you create, the higher the rate of vulnerable code you deploy and the more breaches you suffer.
This is not looking good.
Here is the funny part:
• 96% of devs use tools to flag security problems
• 99.6% of them say those tools work
And yet only 9% of these companies fix more than 90% of the bugs they find within three months.
We have the tools, but we aren't using them.
The report gets even better:
• 75% of teams say they ship code they know is broken
• 30% do it because they know nobody will find out
• 95% of security chiefs have been pressured to bury/delay findings
People seem to be choosing to look away.
There are a ton of other findings, but the bottom line is clear:
Security in AI-generated code has become a huge problem.
Here is the link to the full report:
https://fandf.co/3S5X60m
Thanks to the @Checkmarx team for sharing their report and collaborating with me on this post.