Checkmarx Report: AI-Generated Code Soars, But Security Practices Fall Behind

Published : 18/08/2025 06:13 PM

KUALA LUMPUR, Aug 18 (Bernama) -- Checkmarx, a leader in agentic artificial intelligence (AI)-powered application security, has released the findings of its annual “Future of Application Security in the Era of AI” report, highlighting a growing disconnect between AI-driven development and security governance.

Findings revealed that AI-generated code is fast becoming mainstream, with half of respondents using AI security code assistants. About 34 per cent reported that over 60 per cent of their code is AI-generated, yet only 18 per cent have governance policies in place. The rapid shift to AI-assisted development is raising concerns about developer accountability and expanding the attack surface.

The survey also noted growing business pressure that is leading organisations to take risks. More than 80 per cent knowingly shipped vulnerable code, while 98 per cent experienced a breach linked to insecure code over the past year, compared with 91 per cent in 2024.

Checkmarx vice-president for Asia Pacific, the Middle East and Africa, Nitin Dang, said fast-growing markets often prioritise speed in order to capture opportunities, sometimes at the expense of security.

“Our research shows that under-utilisation of essential application security practices, combined with the rush to deliver, often results in vulnerabilities making it to production,” he said in a statement.

In the coming 12 to 18 months, 32 per cent of respondents expect breaches through application programming interfaces (APIs), particularly via shadow APIs or business logic attacks. However, fewer than half deploy basic security tools such as dynamic application security testing (DAST) or infrastructure-as-code scanning.

Despite widespread industry discussion on DevSecOps, only half of organisations reported active use of core tools, with 51 per cent of North American companies adopting DevSecOps practices.

The report outlined six strategic priorities to close the security readiness gap — moving from awareness to action, embedding code-to-cloud security, governing AI use in development, operationalising security tools, preparing for agentic AI in application security, and promoting developer empowerment.

The report release comes after Checkmarx announced the general availability of its Developer Assist agent, which integrates with AI-native development environments such as Windsurf by Cognition, Cursor and GitHub Copilot. The tool provides real-time, context-aware issue detection and guidance for developers.

The study, involving more than 1,500 chief information security officers (CISOs), application security managers and developers across North America, Europe and Asia Pacific, examined how businesses are adapting as machine-generated code becomes more prevalent.

-- BERNAMA
