- AI-generated code grows faster than security monitoring mechanisms
- Manual reviews struggle to keep pace with automatically generated software
- Security execs worry that insecure coding patterns are spreading through development pipelines
AI coding assistants have spread across development teams faster than security frameworks can adapt.
A new study from Salt Security claims that 90% of security leaders now report active concerns about the risks posed by AI-generated software.
However, organizations continue to adopt AI tools because they speed up coding tasks, reduce time spent on repetitive work, and increase the speed of software delivery.
Human review can’t handle AI speed
Security officials say development practices designed before AI became mainstream may no longer provide sufficient oversight.
Nearly a third (29%) of respondents identified insecure coding patterns as the top risk introduced by AI assistants.
These systems learn from massive training datasets that contain their own flaws and outdated practices.
An AI tool can generate code that appears fully functional while silently replicating vulnerabilities that a human might have detected.
This problem is similar to how antivirus software must constantly update its definitions because new threats emerge faster than signature databases can grow.
The difference here is that no central authority tracks every insecure pattern that an AI might reproduce. Despite the widespread anxiety that AI engenders, more than a third of organizations still rely on manual code reviews before any launch.
Reliance on human review becomes structurally problematic when AI produces code in volumes that no team can thoroughly inspect.
This method worked when developers wrote software at human speed, but it fails when AI dramatically speeds up production.
Reviewer fatigue sets in quickly, teams apply standards inconsistently, and security requirements are interpreted differently across departments.
“AI coding assistants are fundamentally changing the way software is built, but governance has not kept pace,” said Roey Eliyahu, CEO and co-founder of Salt Security.
“Most organizations recognize the risks, but many are still trying to manage AI-generated code using security processes designed for a pre-AI world.”
This approach is no more scalable than using a single inbox to handle millions of daily messages without filtering or automation.
Business complexity makes enforcement more difficult
Large organizations with more than 500 employees face governance challenges that smaller businesses simply don’t encounter.
Distributed teams use different tools, follow varying workflows, and enforce security standards with inconsistent rigor across regions.
The risk of developer over-reliance on AI assistants increases in proportion to team size and delivery pressure.
Security agencies, including government cybersecurity bodies, have already warned that AI systems are expanding attack surfaces and significantly complicating accountability structures.
Without better visibility into where AI-generated code enters the pipeline, governance remains guesswork disguised as process.
Treating AI coding assistants as components of the software supply chain – in the same way as reviewing any third-party malware risk – offers a more realistic path forward than hoping that manual review will somehow catch up.