
"AI coding tools are creating serious security risks in production, with one-in-five CISOs saying they've suffered major incidents because of AI-generated code. AI coding tools now write 24% of production code - 21% in Europe and 29% in the US - according to a new from Aikido. But it's risky, with 69% of security leaders, security engineers, and developers across Europe and the US revealing they'd found serious vulnerabilities in AI-written code."
"Adding more tools to address the issue isn't helping, Aikido found. Indeed, organizations with more security tools report more incidents, with more overhead and slower remediation. Nearly two-thirds (64%) of those with just one or two tools had an incident; the figure was 90% for those with between six and nine tools."
"Notably, teams using tools designed for both developers and security teams were more than twice as likely to report zero incidents than those using tools made for only one specific group. "Giving developers the right security tool that works with existing tools and workflows allows teams to implement security best practices and improve their posture," commented Walid Mahmoud, DevSecOps lead at the UK Cabinet Office. Teams using separate AppSec and CloudSec tools were 50% more likely to face incidents,"
AI coding tools produce roughly 24% of production code overall, with 29% in the US and 21% in Europe. Among security leaders, engineers, and developers, 69% report having discovered serious vulnerabilities in AI-written code. US organizations report a higher rate of serious incidents (43%) than European organizations (20%), while Europe reports more near misses, suggesting stronger testing and oversight. Adding more security tools correlates with more incidents and slower remediation: 64% of organizations with one or two tools experienced an incident, versus 90% of those with six to nine tools. Integrated developer-and-security tools are associated with fewer incidents and fewer integration headaches.
Read at IT Pro