- Four out of five companies deliberately shipped vulnerable code, survey warns
- One-third say that 60% of their code is now AI-generated
- Orgs need to use AI to identify vulnerabilities
A survey of 1,500 CISOs, AppSec leaders and developers conducted by Checkmarx claims that four out of five (81%) companies deliberately shipped vulnerable code, putting them and their users at risk of attack.
An estimated one in two respondents is already using AI security code assistants, and about one-third (34%) admit that more than 60% of their code is AI-generated, which can often contain known vulnerabilities by default.
An overwhelming majority (98%) experienced a breach due to vulnerable code in the past year, and yet they continue to ship vulnerable code without implementing the right protective measures.
Businesses are shipping vulnerable, AI-generated code
The report outlines how generative AI has eroded developer ownership, with code now less likely to be associated with any particular individual. It has also expanded the attack surface by reintroducing vulnerabilities that could previously have been avoided with proper coding expertise.
The trend has largely been blamed on artificial intelligence, with vibe coding on the rise and many developers now choosing to edit AI-generated code instead of writing their own from scratch.
The lack of governance around this has created what the company describes as the perfect storm.
Fewer than half of the respondents were found to use basic security tools such as DAST and IaC scanning, with a similar number using DevSecOps tools.
Looking ahead, Checkmarx emphasizes securing projects starting from the code level, with organizations encouraged to establish policies for AI tool use. Recognizing that developers are now actively using AI, Checkmarx suggests that, instead of banning it, companies should also use agentic AI to analyze and solve problems across projects.
“AI-generated code will continue to proliferate; secure software will be the competitive differentiator in the coming years,” concluded Checkmarx VP for Portfolio Marketing Eran Kinsbruner.



