New research from Salt Security highlights the persistent challenge enterprises face in governing AI-generated code. It reveals that ninety percent of security leaders harbour concerns over the security risks posed by such code.
The report, AI Coding Assistants and the New Security Challenge, highlights the significant rise in pressure on organisations to manage AI-assisted software development at scale.
- 90% of security leaders are worried about AI-generated code.
- 67% report widespread adoption of AI coding assistants.
- 38% rely on manual review for code evaluation.
- 29% see insecure coding patterns as a leading risk.
- 15% are concerned about misalignment with security policies.
The research conducted among IT security leaders from the UK and the US indicates deep integration of AI coding assistants within enterprise development teams. Despite the rapid uptake—reported by 67% of firms—many have yet to establish effective governance structures to safeguard AI-generated code.
The study reveals a disconnect between the velocity of engineering processes and security oversight. While AI coding tools often strengthen software delivery rates, organisations cling to manual review methods ill-suited for modern, machine-paced development.
Findings also suggest that larger enterprises encounter greater challenges with AI adoption. Companies with over 500 employees are notably more concerned about enforcement consistency, developer overreliance, and governance complexity across distributed environments.
Salt Security's CEO underlines the impact of AI coding assistants on software construction. Yet, there's an acknowledgement that governance structures have yet to catch up, with many maintaining outdated security processes even as code volumes exponentially increase.
The research cautions against relying solely on manual reviews, as they prove inadequate for scaling operations involving AI-generated code. The potential for “security drift” arises with reviewer fatigue, inconsistent enforcement, and discrepancies between policy and practice.
In response, the report provides five strategic priorities to strengthen governance in AI-assisted development. These include improving code visibility, reducing manual review dependence, standardising secure development practices, and recognising AI coding assistants as integral to the software supply chain.
