Report by Checkmarx
The Future of AppSec in the Era of AI
Key Findings
Fewer than half of the CISOs, AppSec managers and developers report deploying foundational security tools like dynamic application security testing (DAST) or infrastructure-as-code scanning.
Just 51% of North American organisations report adopting DevSecOps.
Only half of organisations surveyed actively use core DevSecOps tools.
34% of CISOs, AppSec managers and developers admit that more than 60% of their code is AI-generated.
98% of organisations experienced a breach stemming from vulnerable code in the past year.
Within the next 12 to 18 months, nearly a third (32%) of CISOs, AppSec managers and developers expect Application Programming Interface (API) breaches via shadow APIs or business logic attacks.
Only 18% of organisations have policies governing AI use.
Up to 60% of code is being generated by organisations using AI coding assistants.
20% of organisations still forbid the use of AI coding assistants.
81% of organisations knowingly ship vulnerable code.
Half of CISOs, AppSec managers and developers already use AI security code assistants.