Become a TechRadar Insider
- AI-generated code is growing faster than security oversight mechanisms
- Manual reviews struggle to keep pace with machine-generated software
- Security leaders fear insecure coding patterns spreading through development pipelines
Artificial intelligence coding assistants have spread across development teams faster than security frameworks can adapt to.
New Salt Security research has claimed 90% of security leaders now report active concerns about risks posed by AI-generated software.
However, organizations continue embracing AI tools because they accelerate coding tasks, reduce time spent on repetitive work, and increase software delivery speed.
Human review cannot handle AI speed
Security leaders believe that development practices designed before AI became mainstream may no longer provide sufficient oversight.
Nearly a third (29%) of respondents identified insecure coding patterns as the primary risk introduced by AI assistants.
These systems learn from massive training datasets that contain their own flaws and outdated practices.
An AI tool can generate code that appears fully functional while quietly reproducing vulnerabilities a human might have caught.
This problem resembles how antivirus software must constantly update its definitions because new threats emerge faster than signature databases can grow.
The difference here is that no central authority tracks every insecure pattern an AI might replicate - as despite the widespread anxiety that AI introduces, more than one-third of organisations still depend on manual code reviews before any launch.
Reliance on human checking becomes structurally problematic when AI produces code at volumes no team can inspect thoroughly.
That method worked when developers wrote software at human speed, but it fails when AI accelerates output dramatically.
Reviewer fatigue sets in quickly, teams apply standards inconsistently, and security requirements get interpreted differently across departments.
AI coding assistants are fundamentally changing how software is built, but governance has not kept pace,” said Roey Eliyahu, CEO and co-founder at Salt Security.
“Most organisations recognise the risks, but many are still trying to manage AI-generated code using security processes designed for a pre-AI world.”
This approach does not scale any better than using a single email inbox to handle millions of daily messages without filtering or automation.
Enterprise complexity makes enforcement harder
Larger organisations with more than 500 employees face governance challenges that smaller firms simply do not encounter.
Distributed teams use different tools, follow varied workflows, and apply security standards with inconsistent rigour across regions.
The risk of developer overreliance on AI assistants grows proportionally with team size and delivery pressure.
Security agencies, including government cybersecurity bodies, have previously warned that AI systems expand attack surfaces and complicate accountability structures significantly.
Without better visibility into where AI-generated code enters the pipeline, governance remains guesswork dressed up as process.
Treating AI coding assistants as components of the software supply chain — similar to vetting any third-party malware risk — offers a more realistic path forward than hoping manual review will somehow catch up.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
