- Vibe Coding Is Widespread, But So Are Vulnerabilities in AI-Generated Code
- No one really knows who is ultimately responsible for the AI code
- Both AI and humans play a role in development
New research has claimed that more than two-thirds (69%) of organizations have found vulnerabilities in AI-generated code, even as 24% of production code globally is now written by AI.
Aikido Security’s State of AI in Security and Development report found that even as companies push AI agendas to improve efficiency and increase production, security teams (53%), developers (45%) and those who merge the code (42%) are still the ones blamed when AI code goes wrong.
Aikido says this is creating confusion over the ownership of vulnerabilities caused by AI, which could ultimately make them more difficult to track and remediate.
AI-generated code is not perfect
“The developers didn’t write the code, infosec couldn’t review it, and the legal department can’t determine liability if something goes wrong. It’s a real risk nightmare,” said Mike Wilkes, CISO of Aikido. “No one knows who is responsible when AI-generated code causes a breach.”
In Europe, 20% of companies have had serious incidents, while their American counterparts have seen more than double that (43%), which Aikido attributes to two factors: the greater likelihood of American developers to circumvent security controls (72% vs. 61%) and Europe’s stricter enforcement. Still, half (53%) of European companies admit to having had near misses.
AI tools may not be the enemy, but having an overly complicated ecosystem could be. The report reveals that 90% of those who used six to eight tools experienced incidents, compared to 64% of those who used just one or two tools.
Remediation time is also longer for those who use more tools (3.3 days for 1 or 2 tools vs. 7.8 days for more than 5 tools).
However, the outlook is more positive. A majority (96%) agree that AI will eventually write secure and trusted code within the next five years, and nearly as many (90%) believe AI will be able to handle penetration testing within 5.5 years.
Better yet (for the workforce), only 21% think this will happen without human oversight, highlighting the importance of human workers in the development process.