Updated · ZDNet · May 11
AI-Assisted Development Overwhelms App Security as 45% of Large-Company Flaws Stay Unfixed After 1 Year

  • Continuous deployment and AI-assisted coding are generating software changes faster than traditional app-security teams can review, leaving vulnerability backlogs that developers cannot realistically clear.
  • Edgescan data cited in the report shows network flaws take 54 days to fix, web-app issues nearly 75 days, and 45% of vulnerabilities at large companies remain unresolved after a full year.
  • That lag is colliding with faster exploitation: Verizon said 20% of 2025 breach initial access came through code vulnerabilities, while VulnCheck found 32.1% of known exploited flaws showed evidence of abuse on or before CVE disclosure.
  • The report argues patching and compensating controls still matter but should become a second-line safety net, with security moved earlier into code creation, design, dependencies and deployment workflows.
  • AI is sharpening the mismatch rather than solving it—Snyk said 56.4% of developers frequently hit security issues in AI-generated code and 80% bypassed or ignored organizational AI code-security policies.

The 2026 Software Security Crisis: Managing 48,185 Annual Vulnerabilities in the Age of AI

Overview

As of 2026, the software security landscape is increasingly alarming, driven by a record surge in vulnerabilities and the complex challenges introduced by artificial intelligence. Organizations are facing a growing 'security debt,' as critical risks accumulate much faster than they can be patched. In 2025 alone, over 48,000 new vulnerabilities were published—an average of 131 each day—making the traditional strategy of fixing every flaw unsustainable. The rapid integration of AI into development and operations is accelerating this trend, creating new attack surfaces and overwhelming existing security practices, forcing organizations to rethink their approach to managing software security.

...