- AI-generated code is growing faster than security monitoring mechanisms
- Manual reviews struggle to keep pace with machine-generated software
- Security leaders fear insecure coding patterns will spread through development pipelines
AI coding assistants have spread among development teams faster than security frameworks can adapt.
New research from Salt Security has claimed that 90% of security leaders now report active concerns about the risks posed by AI-generated software.
However, organizations continue to adopt AI tools because they speed up coding tasks, reduce time spent on repetitive work, and increase the speed of software delivery.
Human review can’t keep up with the speed of AI
Security leaders believe that development practices designed before AI became widespread may no longer provide enough oversight.
Nearly a third (29%) of respondents identified insecure coding patterns as the top risk introduced by AI assistants.
These systems learn from massive training data sets that contain their own defects and outdated practices.
An AI tool can generate code that appears fully functional while silently reproducing vulnerabilities that a human could have detected.
This problem is similar to how antivirus software must constantly update its definitions because new threats emerge faster than signature databases can grow.
The difference here is that no central authority tracks every unsafe pattern that an AI could replicate. Despite the widespread anxiety that AI introduces, more than a third of organizations still rely on manual code reviews before any release.
Reliance on human verification becomes structurally problematic when AI produces code in volumes that no team can thoroughly inspect.
That method worked when developers wrote software at human speed, but it fails when AI dramatically speeds up production.
Reviewer fatigue sets in quickly, teams apply standards inconsistently, and security requirements are interpreted differently across departments.
“AI coding assistants are fundamentally changing the way software is built, but governance hasn’t kept pace,” said Roey Eliyahu, CEO and co-founder of Salt Security.
“Most organizations recognize the risks, but many are still trying to manage AI-generated code using security processes designed for a pre-AI world.”
This approach scales no better than using a single email inbox to handle millions of daily messages without filtering or automation.
Business complexity makes enforcement difficult
Larger organizations, with more than 500 employees, face governance challenges that smaller companies simply do not face.
Distributed teams use different tools, follow varied workflows, and apply security standards with inconsistent rigor across regions.
The risk of developers becoming overly reliant on AI assistants grows proportionally with team size and delivery pressure.
Security agencies, including government cybersecurity bodies, have previously warned that AI systems expand attack surfaces and significantly complicate accountability structures.
Without better visibility into where AI-generated code goes, governance remains a guess disguised as a process.
Treating AI coding assistants as components of the software supply chain (similar to examining any third-party malware risks) offers a more realistic path forward than waiting for manual review to somehow catch up.