The Rise of the AppSec Leader: Survey Findings

86% of respondents are already using or exploring generative AI tools in their security programmes.

Among those who have encountered issues with AI-generated code, 83% cited lack of transparency as major concerns.

65% believe AI will significantly reshape the AppSec function within the next year.

84% said that supply chain vulnerabilities were the most significant threat to their enterprise applications.

84% recognise the role of the AppSec leader as more important now than ever. More than 84% believe their role is more important now than it was a few years ago. This increased importance is linked to factors such as growing challenges from AI-generated code and open source software.

Speed of software development outpacing security priorities was also a concern for 71%.

65% highlighted a lack of visibility across AppSec tools

63% still report moderate or significant friction in getting developers to adopt security team feedback, despite increased DevSecOps collaboration.

Among those who have encountered issues with AI-generated code, 92% reported insecure code as a concern.

76% of respondents named application security posture management (ASPM) as their top investment focus for 2025.

64% of organizations are growing their AppSec teams.

Managing the sheer volume of vulnerabilities and false positives were the biggest challenges in securing code, cited by 78% of respondents.

Open-source risks and cloud misconfigurations followed supply chain vulnerabilities closely at 73%.