
AI Coding Boom Accelerates Software Development, But Security Risks Multiply

SAN FRANCISCO — Artificial intelligence has rapidly transformed software development, with coding assistants going from novelty to mainstream in under two years. But while the technology promises faster releases, experts warn it is also introducing serious new security risks.

“Every customer I spoke to is adopting coding assistants rapidly,” said Sandeep Johri, CEO of application security firm Checkmarx. “Auto-generated code is two to three times more vulnerable.”

The paradox of AI-assisted development, Johri and others say, is that the same tools boosting productivity also expand the attack surface, multiplying flaws that may not emerge until after software is deployed.


Productivity Comes at a Price

A recent survey by the Enterprise Strategy Group (ESG) highlights the scope of the challenge. Nearly half of security leaders (45%) say managing AI and GenAI risk is now their top concern in supporting cloud-native development. When asked which elements are most susceptible to compromise, 36% ranked AI usage ahead of open-source software, APIs, and even cloud infrastructure.

Melinda Marks, ESG’s practice director for cybersecurity, said the rush to adopt AI mirrors earlier waves of innovation such as the rise of cloud and mobile apps. “Organizations are excited to leverage it to speed development,” she said, “but security teams need to partner with developers to ensure it’s done safely.”


AppSec Needs to Evolve

Traditional application security tools are struggling to keep up with the sheer volume of AI-generated code. Vulnerabilities are often identified only after they’re already in production, leaving organizations exposed.

Checkmarx is among vendors pushing for a shift, embedding security agents directly into integrated development environments (IDEs). By flagging issues as code is written, these tools aim to catch vulnerabilities at the source.

Industry-wide, security tools powered by AI are moving into what some call the “agent era.” Specialized agents now handle tasks from reducing false positives to prioritizing critical issues and even suggesting fixes, reducing the burden on security engineers and developers.


AI as Both Weapon and Defense

The rise of coding assistants is forcing security leaders to rethink strategies. AI is not just a tool for defenders—it is also being weaponized by attackers. Experts say hackers are already experimenting with AI-generated malware, hidden malicious code, and prompt injection attacks designed to manipulate models.

That dynamic has created a high-speed race between attackers and defenders, both harnessing AI to outpace the other.


What’s Next

Analysts agree that security and development can no longer be treated as separate disciplines. As Johri put it, “You can’t fight AI-driven development with yesterday’s AppSec model.”

The winners of this new era, experts say, will be organizations that embrace AI not only for faster development but also for securing their applications at the same machine speed.

“The future of AppSec won’t just be about defending against AI-powered threats,” Marks said. “It will be about using AI to secure AI itself.”
