date 2025-12-17
    • Less than a quarter of organizations are securing AI-generated code


    A new report reveals that 95 percent of organizations now rely on AI tools to generate code, yet only 24 percent apply comprehensive IP, license, security, and quality evaluations to that AI-generated code.

    The study from Black Duck shows that organizations without strong dependency management, automation, and SBOM validation are already falling behind in their ability to detect and remediate critical issues.

    While 76 percent of respondents check AI-generated code for security risks, only 24 percent subject it to the full set of IP, license, security, and quality evaluations. Organizations that are effective at tracking and managing open source dependencies are significantly more likely to say they are prepared to secure open source software (85 percent) than the overall respondent pool (57 percent).

    "We're in a new era of rapid software innovation, fueled by AI, but these findings reveal a critical challenge: security isn't keeping pace," says Jason Schmitt, CEO at Black Duck. "It's imperative that organizations prioritize robust security frameworks, with a sharp focus on AI-generated code and meticulous dependency management, to build truly resilient software supply chains."

    Among other findings, 60 percent of respondents that perform automated continuous monitoring report remediating critical software vulnerabilities within a day. In contrast, only 45 percent of the full respondent pool say they remediate critical software vulnerabilities within a day, showing that organizations that haven't implemented automated continuous monitoring are at a clear disadvantage.

    Validating Software Bills of Materials (SBOMs) from external suppliers is strongly associated with a better ability to evaluate third-party software and respond to critical vulnerabilities. Of the respondents that always validate supplier SBOMs, 63 percent say they are highly prepared to evaluate third-party software, and 59 percent typically respond to critical software vulnerabilities within one day.

    The full report is available from the Black Duck site.

    Image credit: BiancoBlue/Dreamstime.com


