Developers Acknowledge AI-Generated Code Vulnerabilities, Still Ship It
A recent survey indicates that 70% of developers consider AI-generated code more vulnerable, and 30% knowingly deploy it. Despite these concerns, pressure to release software quickly leads teams to ship potentially insecure code, which affects software development risk and security breaches globally.
Key points
- 70% of 2,350 global developers surveyed by Checkmarx believe AI-generated code contains more vulnerabilities.
- 30% of these developers admit to knowingly shipping vulnerable AI-generated code into production environments.
- The proportion of AI-generated code in production applications slightly decreased to 49%, down from 54% in the prior year.
- Open source foundations account for 59% of code used in production applications, also presenting security risks.
- 93% of respondents reported experiencing at least one security breach due to vulnerable applications, a slight decrease from 98% last year.
A new report by security firm Checkmarx reveals a significant portion of developers are aware of security risks associated with AI-generated code. The survey of 2,350 global developers, CISOs, and AppSec managers found that 70 percent believe code produced by artificial intelligence is more prone to vulnerabilities.
Despite this awareness, a concerning 30 percent admitted to knowingly deploying such vulnerable code into production systems. This practice is often driven by pressure to meet rapid deployment schedules. The report also noted that while the use of AI-generated code in production applications saw a marginal decrease to 49 percent from 54 percent previously, it remains a substantial figure.
Furthermore, the study highlighted the inherent risks in the prevalent use of open-source software, which forms the backbone of 59 percent of production applications. These components can be susceptible to vulnerabilities, whether due to the challenges faced by maintainers or the potential for malicious packages being introduced into popular repositories.
The consequence of these practices is an elevated risk landscape in software development. While the percentage of respondents reporting security breaches linked to vulnerable applications saw a slight dip to 93 percent from 98 percent last year, the issue remains widespread, underscoring ongoing global security challenges.
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.