- Four out of five companies knowingly ship vulnerable code, survey warns
- A third say 60% of their code is now generated by AI
- Orgs should use AI to identify vulnerabilities
A study of 1,500 CISOs, AppSec managers and developers conducted by Checkmarx has claimed that four out of five (81%) companies are knowingly shipping vulnerable code, putting themselves and their users at risk of attack.
An estimated one in two respondents already use AI security code assistants, with about a third (34%) admitting that more than 60% of their code is generated by AI, which can often contain known vulnerabilities by default.
An overwhelming majority (98%) have experienced a breach due to vulnerable code in the last year, and yet they continue to ship vulnerable code without implementing proper protection measures.
Companies are shipping vulnerable, AI-generated code
The report describes how generative AI has eroded developer ownership of code, with code now less likely to be attributable to anyone in particular. It has also expanded the attack surface by reintroducing vulnerabilities that could previously have been avoided with adequate coding experience.
The trend has largely been blamed on artificial intelligence, with vibe coding on the rise and many developers now choosing to edit AI-generated code instead of writing their own from scratch.
The lack of governance around this has created what the company describes as the perfect storm.
The survey found that fewer than half of the respondents used fundamental security tools such as DAST and IaC scanning, with a similar number using DevSecOps tools.
Looking ahead, Checkmarx says security must be built into projects from the coding level, with organizations urged to establish policies for AI tool use. Recognizing that developers are now actively using AI, Checkmarx suggests that, instead of prohibiting it, companies should also use agentic AI to analyze and fix problems across all projects.
“The code generated by AI will continue to proliferate; secure software will be the competitive differentiator in the coming years,” concluded portfolio marketing vice president Eran Kinsbruner.