Salt Security — 90% of security leaders worried about AI-generated code risks
AI relevance: AI coding assistants now generate nearly half of all enterprise code, creating a governance gap where machine-speed development outpaces manual review — directly impacting the security of AI-assisted CI/CD pipelines.
What the data shows
- 90% of security leaders have active concerns about AI-generated code (Salt Security, Censuswide survey, 100 UK/US IT security leaders, May 12–15, 2026).
- 67% of organizations report widespread adoption of AI coding assistants across development teams.
- 38% still rely primarily on manual review for AI-generated code — processes not designed for machine-speed development.
- 29% identify insecure coding patterns as the leading risk introduced by AI assistants.
- 15% cite misalignment with internal security policies as a major concern.
- Organizations with 500+ employees report significantly higher concerns around enforcement consistency, developer overreliance, and governance complexity across distributed teams.
- Salt Security describes the resulting gap as "security drift": reviewer fatigue, inconsistent enforcement, and policy-practice divergence that scale with AI code volume.
Why it matters
- AI-generated code is now part of the software supply chain — vulnerable patterns can ship to production before manual reviewers catch them.
- Manual review cannot scale to AI-assisted development velocity; what worked for human-paced PR reviews becomes a bottleneck.
- The governance gap creates conditions for insecure code to slip into production AI systems, amplifying downstream risk.
What to do
- Treat AI coding assistants as part of your software supply chain — apply the same scrutiny as third-party dependencies.
- Implement automated code analysis gates (SAST/DAST) specifically tuned for AI-generated code patterns.
- Standardize secure development practices for AI-assisted workflows; don't rely on developer discretion alone.
- Improve visibility into AI-generated code volume and review coverage across teams.