- Four out of five companies knowingly ship vulnerable code, the survey warns
- A third say that 60% of their code is now generated by AI
- Organizations must use AI to identify vulnerabilities
A Checkmarx study of 1,500 CISOs, application managers and developers claimed that four out of five companies (81%) knowingly shipped vulnerable code, putting themselves and their users at risk of attack.
An estimated one in two respondents already uses AI security code assistants, with approximately a third (34%) admitting that more than 60% of their code is generated by AI, which can often contain known vulnerabilities by default.
An overwhelming majority (98%) experienced a breach due to vulnerable code in the past year, and yet they continue to ship vulnerable code without implementing the right protective measures.
Companies shipped vulnerable AI-generated code
The report describes how generative AI has eroded developers' ownership of code, with code now less likely to be attributable to particular individuals. It has also widened the attack surface, reopening vulnerabilities that could previously have been avoided with appropriate coding expertise.
The trend has been largely attributed to artificial intelligence, with vibe coding on the rise and many developers now choosing to modify AI-generated code rather than writing their own from scratch.
The lack of governance around this has created what the company describes as the perfect storm.
Fewer than half of the respondents were found to use basic security tools like DAST and IaC scanning, with a similar number using DevSecOps tools.
Looking ahead, Checkmarx stresses that security should be built into projects from the coding stage, and urges organizations to establish policies for the use of AI tools. Recognizing that developers actively use AI, Checkmarx suggests that, instead of prohibiting it, companies should also use agentic AI to analyze and fix problems across projects.
“The code generated by AI will continue to proliferate; secure software will be the competitive differentiator in the coming years,” concluded Checkmarx's Vice President of Portfolio Marketing, Kinsbruner.