Data Security NQ

AI adoption outpaces security
Most organizations are embracing AI in development, yet robust security protocols for AI-generated code are largely absent. This can open the door to new attack vectors. While 76% of respondents check AI code for security risks, only about half evaluate it for quality issues (56%) or IP and license risks (54%). This means a mere 24% perform comprehensive IP, license, security, and quality evaluations for AI-generated code.

Dependency management is key to preparedness
Organizations that are highly effective at tracking and managing open source dependencies are significantly more prepared (85%) to secure open source software compared to the overall average (57%).

Automation drives faster remediation
Of the 294 respondents that perform automatic continuous monitoring, 60% report remediating critical software vulnerabilities within a day. In contrast, only 45% of the full respondent pool remediate critical software vulnerabilities within the same timeframe. This clearly shows that organizations without automatic continuous monitoring are at a significant disadvantage in protecting their software supply chain.

AI in DevSecOps: Game-changer or dangerous disruptor?
Our report reveals a clear trend in the adoption of AI coding assistants. A combined 43.66% of respondents report using AI tools frequently or constantly, indicating that AI is deeply integrated into their daily workflows. This shift toward AI-driven development highlights the growing recognition of AI’s ability to streamline and optimize the DevSecOps pipeline. Almost all—96.7%—organizations are now leveraging open source models for building both internal and external products and software.

The rapid proliferation of AI demands immediate governance and oversight to prevent systemic vulnerabilities. For example, our data highlights a significant “shadow AI” problem, with 10.69% of respondents admitting to using AI coding assistants without official permission, in an unverified or unmonitored way. This unauthorized use can introduce security risks and compliance issues, underscoring the need for robust governance frameworks to ensure that AI tools are used safely and effectively.