81 percent of security teams lack visibility into AI coding
While AI adoption is now nearly universal, governance and visibility have failed to keep pace, according to a new report from Cycode.
The study shows that 97 percent of organizations are already using or piloting AI coding assistants, and all confirm having AI-generated code in their codebases. Yet, despite this near-total adoption, 81 percent lack visibility into AI usage and 65 percent report increased security risks associated with AI.
Almost a third (30 percent) of respondents say that AI now creates the majority of code in their organizations. Participants overwhelmingly feel that AI increases productivity (78 percent), code quality (79 percent), and faster time to market (72 percent).
But while AI boosts productivity, it also introduces significant risks. Despite near-universal AI adoption, most organizations (52 percent) lack a formal AI governance framework. This has led to a proliferation of Shadow AI, including the rapid, unmanaged spread of AI development tools, models, and coding assistants.
“The findings make it clear: AI development is no longer a future trend; it is today’s reality. As security struggles to keep pace with this rapid adoption, the stage is set for a significant supply chain breach, with Shadow AI as the attack vector,” says Lior Levy, CEO and co-founder of Cycode. “It’s no longer sufficient to just find vulnerabilities in AI-generated code. The rapid spread of Shadow AI demands a strategic response: we must gain complete visibility and governance over the entire AI toolchain. This imperative is why Cycode is empowering organizations with the essential visibility, policies, and controls needed to secure AI development from prompt to production.”
Looking ahead 97 percent of organizations surveyed say they plan to unify their application security stack in the next 12 months, and 100 percent are investing in AI-related initiatives. This pivot is a direct response to the complexity introduced by AI. Leaders are rejecting the ‘tool sprawl’ of the past. Instead, they are investing in unified platforms to gain visibility, reduce noise, and manage AI-driven risk across the software supply chain.
The full report is available from the Cycode site.
Image credit: meshcube/depositphotos.com