- AI-generated code grows faster than security monitoring mechanisms
- Manual reviews struggle to keep pace with machine-generated software
- Security leaders fear that insecure coding patterns will spread through development pipelines
AI coding assistants have spread across development teams faster than security frameworks can adapt.
New Salt Security research has claimed that 90% of security managers now report active concerns about risks associated with AI-generated software.
However, organizations continue to embrace AI tools because they accelerate coding tasks, reduce time spent on repetitive work, and increase the speed of software delivery.
Human review cannot handle AI speed
Security leaders believe development practices designed before AI went mainstream may no longer provide adequate oversight.
Almost a third (29%) of respondents identified insecure coding patterns as the primary risk introduced by AI assistants.
These systems learn from massive training data sets that contain their own errors and outdated practices.
An AI tool can generate code that appears to be fully functional while silently reproducing vulnerabilities that a human could have caught.
This problem is similar to how antivirus software must constantly update its definitions because new threats emerge faster than signature databases can grow.
The difference here is that no central authority tracks every unsafe pattern that an AI might replicate. Despite the widespread anxiety that AI introduces, more than a third of organizations still rely on manual code reviews before any launch.
Reliance on human control becomes structurally problematic when AI produces code in volumes that no team can thoroughly inspect.
That method worked when developers wrote software at human speed, but it fails when AI dramatically accelerates output.
Reviewer fatigue sets in quickly, teams apply standards inconsistently, and security requirements are interpreted differently across departments.
“AI coding assistants are fundamentally changing how software is built, but governance has not kept pace,” said Roey Eliyahu, CEO and co-founder of Salt Security.
“Most organizations recognize the risks, but many still try to manage AI-generated code using security processes designed for a pre-AI world.”
This approach does not scale any better than using a single email inbox to handle millions of daily messages without filtering or automation.
The complexity of the business makes enforcement more difficult
Larger organizations with more than 500 employees face management challenges that smaller companies simply do not encounter.
Distributed teams use different tools, follow different workflows, and apply security standards with inconsistent rigor across regions.
The risk of developer over-reliance on AI assistants grows proportionally with team size and delivery pressure.
Security agencies, including government cybersecurity agencies, have previously warned that AI systems expand attack surfaces and significantly complicate accountability structures.
Without better visibility into where AI-generated code enters the pipeline, governance remains guesswork disguised as process.
Treating AI coding assistants as components of the software supply chain—similar to examining any third-party malware risk—offers a more realistic path forward than hoping that manual review will somehow catch up.