AI Coding Boom Brings Faster Releases—and Bigger Security Risks

AI has already rewritten the rules of software development. Coding assistants have gone from novelty to necessity in less than two years. Enterprises are adopting them at breakneck speed. Sandeep Johri, CEO of Checkmarx, told me, “Every customer I spoke to is adopting coding assistants rapidly.”

That enthusiasm is easy to understand. I occasionally use AI tools myself to accelerate work. They’re force multipliers. But my experience has also made me cautious. AI may expedite some elements, but I have to step in to course correct. That works because I know my craft. Developers face the same reality: AI can speed up output, but without oversight, the quality suffers.

The paradox of AI in software is that the productivity boost comes with a security price tag.

The Productivity–Security Paradox

Johri didn’t mince words: auto-generated code is “two to three times more vulnerable.” That’s the cost of scale. You’re writing more code, so you’re multiplying exposure. Organizations risk trading efficiency gains for long-term technical debt that won’t show up until it’s too late.

Independent research backs this up. Melinda Marks, practice director for cybersecurity at Enterprise Strategy Group (ESG), told me that 45% of security leaders cite understanding and managing AI and GenAI risk as their top challenge in supporting cloud-native development. Even more telling, she said, “When asked about elements most susceptible to compromise, the highest percentage (36%) rated usage of AI over other elements, including OSS, data storage repositories, cloud infrastructure configurations and APIs.”

I’ve seen this story play out time and time again. The dot-com boom, cloud adoption, mobile apps—each wave gave us innovation followed by the hangover of new risks. AI-assisted development is no different. We’re in the acceleration phase now, but security has to catch up.

Evolving AppSec in an AI World

Traditional application security tools can’t keep pace with AI-generated code volume. By the time issues are flagged, vulnerable code is already in production. That’s like running a safety check after the car has already rolled off the lot.

What impressed me when I spoke with Johri is how Checkmarx is approaching this with agents embedded directly in the IDE. Instead of chasing vulnerabilities after the fact, they catch them as code is written. To me, this shift feels essential. You can’t fight AI-driven development with yesterday’s AppSec model. Security has to live where the code is born.

Marks stressed that organizations are enthusiastic—97% are already using, planning to use or interested in GenAI tools—but enthusiasm doesn’t erase risk. “AI technology is evolving rapidly and organizations are excited to leverage it to speed development,” she said. “However, security teams need to support secure AI usage to partner with developers to help them utilize it safely without increasing security risk for their applications.”

Agents as the Next Security Frontier

AI isn’t just creating problems—it’s part of the solution. Security is moving into its own “agent era.”

  • False positive reduction agents slash noise by up to 80%, which is critical in an industry already plagued by alert fatigue.
  • Prioritization agents filter the haystack to surface only the needles that matter. Not every vulnerability is worth burning developer time.
  • Remediation agents go one step further, offering suggested fixes that shave hours off resolution.

As pretty much every software and cybersecurity vendor has emphasized—the goal is to eliminate security engineers or developers. The aim is for humans to focus on judgment calls and strategic defense, while AI handles the grunt work.

The Bigger Picture: AI as Both Shield and Sword

Here’s where I see the stakes rising. For decades, AppSec has been reactive. Find flaws after the fact, patch what you can, repeat the cycle. AI offers the chance to flip that equation—proactive security that stops vulnerabilities before they spread.

But the same technology is also arming attackers. They’re already experimenting with AI-generated malware, hallucinations that hide malicious intent and prompt injection attacks that manipulate models. Defenders and attackers are running the same race at machine speed. That’s the sword-and-shield dynamic that will define this next era.

Securing the Future at Machine Speed

I think the lesson is simple: security and development are no longer separate tracks. They’re converging, and AI is the bridge. If enterprises embrace AI for speed, they must embrace it for security too. Otherwise, the very thing that fuels innovation will undermine it.

We’re not looking at a choice between productivity and safety. We’re looking at a future where both depend on AI—and where the winners will be those who learn to secure software at the same pace it’s being created.

The rise of coding assistants is only the beginning. The future of AppSec won’t just involve defending against AI-powered threats. It will be about using AI to secure AI itself.

Scroll to Top