58% of Organizations Spend Over 10 Hours a Month Securing AI-generated Code
Briefly

"31% of organizations using AI-generated code spend 10 hours or less per month validating, auditing, or securing it, including 5% who do not explicitly audit AI code at all."
"44% of respondents reported their organization spent over 50 hours per month investigating potential security issues linked to third-party dependencies, whether or not they resulted in a breach."
"AI is known to introduce risks in software development by generating insecure or incorrect code, including 'slopsquatting' - where models hallucinate non-existent package names that attackers can then register and exploit."
"With the arrival of new legislation like the EU's Cyber Resilience Act, companies have an incredibly tight deadline to respond to cyberattacks, involving the obligation to provide a detailed assessment 48 hours after becoming aware of a breach."
A report by Cloudsmith reveals that 31% of organizations using AI-generated code spend minimal time validating it, including 5% who do not audit it at all. Security incidents linked to third-party dependencies have affected 44% of respondents. Additionally, 58% spend over 11 hours monthly on validation, and 17% are confident that AI does not introduce vulnerabilities. AI can generate insecure code and introduces risks such as 'slopsquatting'. New legislation, such as the EU's Cyber Resilience Act, imposes tight deadlines for breach assessments, requiring organizations to provide provenance data quickly.
Read at Securitymagazine