Codebase is now mostly AI-generated

New research from Cloudsmith found 42% of developers using AI in their workflows say at least half of their current codebase is now AI-generated. Yet only 67% of those developers review this code before every deployment, despite the rise of AI-specific exploits like ‘slopsquatting,’ where attackers weaponize hallucinated package names suggested by coding assistants.

  • Friday, 20th June 2025 Posted 2 months ago in by Phil Alsop

The findings, released today in the Cloudsmith 2025 Artifact Management Report, highlight a widening gap between AI adoption in software development and oversight of the associated risks. 20% of developers said they trust AI-generated code “completely”. While 59% apply additional scrutiny to AI-generated packages, only 34% use tools that enforce policies specific to AI-generated artifacts, and 17% report having no such controls in place at all. 

 

“Software development teams are shipping faster, with more AI-generated code and AI agent-led updates,” said Glenn Weinstein, CEO at Cloudsmith. “AI tools have had a huge impact on developer productivity, which is great. That said, with potentially less human scrutiny on generated code, it’s more important that leaders ensure the right automated controls are in place for the software supply chain.”

 

The report also found that 86% of developers have seen an increase in use of AI-influenced packages or dependencies over the past year, with 40% calling that increase “significant”. Despite this, only 29% of respondents felt “very confident” in their ability to detect vulnerabilities within open-source libraries, where AI tooling is likely to draw suggestions.

 

“Controlling the software supply chain is the first step towards securing it,” added Weinstein. “Automated checks and use of curated artifact repositories can help developers spot issues early in the development lifecycle.”

Abzorb launches a Mobile Masterclass to empower UK channel partners to integrate mobile as a core business offering.

Tool sprawl: The quiet culprit behind MSP burnout

Posted 2 weeks ago by Aaron Sandhu
A Heimdal study reveals how the proliferation of security tools overwhelms and exhausts North American MSPs, leading to significant operational...
StorONE's platform allows Storage Guardian to consolidate its infrastructure and boost efficiency, dramatically reducing its data centre footprint.

Securing the future: Navigating hybrid cloud challenges

Posted 3 weeks ago by Aaron Sandhu
New research indicates organisations face hurdles in securing applications across diverse cloud environments, highlighting a need for unified...
Flexera introduces a new platform for comprehensive SaaS discovery, optimisation, and control, addressing challenges such as shadow AI and fragmented...
SolarWinds report suggests IT leaders underestimate the impact of broken processes and limited staff.
CISPE appeals Broadcom's VMware acquisition approval, citing competition risks and exclusion of smaller providers.
Red Hat introduces updates to streamline partner interactions, focusing on specialisation and demand generation for enhanced synergy.