Enterprises Knowingly Ship Vulnerable AI Code in 75% of Cases, as Breaches Hit 93%
Updated · InfoWorld · Jun 10
Summary
Three-quarters of enterprises knowingly deploy vulnerable AI-generated code, and about 30% admit they ship compromised code hoping flaws will not be found, Checkmarx said in a survey of 2,350 security leaders and developers.
AI-heavy adopters face the sharpest risk: organizations generating 81% to 100% of code with AI ship vulnerable code 3.4 times more often than companies limiting AI-generated code to 20% or less.
Ninety-three percent of surveyed enterprises reported at least one breach tied directly to in-house applications, while 70% of developers said AI code generation created vulnerabilities in 2025.
Only 22% of organizations have formal AI governance, and just 18% of developers continuously secure code, leaving manual reviews and delayed fixes struggling to match AI-era development speed.
Checkmarx said newer systems such as Anthropic's Mythos and Project Glasswing are compressing exploit timelines, pushing enterprises toward embedded security, automation and stronger governance inside developer workflows.
AI Code Security in Crisis: Exploitation Time Drops from 771 Days to 20 Hours—Urgent Solutions for a Vulnerable Era
Overview
The rapid growth of AI technologies, fueled by accessible open-source platforms and user-friendly tools, has created a gap between what employees can do with AI and what organizations can control. This has led to heightened vulnerability in AI code, with organizations facing immediate and severe consequences across sectors. The time available to fix new vulnerabilities has shrunk dramatically—from years to just hours—making it easier for attackers to exploit weaknesses quickly. As a result, companies must act fast to secure their AI systems and prevent damaging incidents, highlighting the urgent need for stronger security measures and better governance.