83% of Organizations Use AI to Generate Code, Despite Mounting Security Concerns

New Venafi Research Reveals AI- and Open Source-Powered Development Outpacing Security With Many Security Leaders Wanting to Ban AI Code

Venafi, the leader in machine identity management, today released a new research report, Organizations Struggle to Secure AI-Generated and Open Source Code. The report explores the risks of AI-generated and open source code and the challenges of securing it amidst hyper-charged development environments.

A survey of 800 security decision-makers across the U.S., U.K., Germany and France revealed that nearly all (92%) security leaders have concerns about the use of AI-generated code within their organization. Other key survey findings include:

  • Tension Between Security and Developer Teams: Eighty-three percent of security leaders say their developers currently use AI to generate code, with 57% saying it has become common practice. However, 72% feel they have no choice but to allow developers to use AI to remain competitive, and 63% have considered banning the use of AI in coding due to the security risks.
  • Inability to Secure at AI Speed: Sixty-six percent of survey respondents report it is impossible for security teams to keep up with AI-powered developers. As a result, security leaders feel like they are losing control and that businesses are being put at risk, with 78% believing AI-developed code will lead to a security reckoning and 59% losing sleep over the security implications of AI.
  • Governance Gaps: Two-thirds (63%) of security leaders think it is impossible to govern the safe use of AI in their organization, as they do not have visibility into where AI is being used. Despite concerns, less than half of companies (47%) have policies in place to ensure the safe use of AI within development environments.

“Security teams are stuck between a rock and a hard place in a new world where AI writes code. Developers are already supercharged by AI and won’t give up their superpowers. And attackers are infiltrating our ranks – recent examples of long-term meddling in open source projects and North Korean infiltration of IT are just the tip of the iceberg,” said Kevin Bocek, chief innovation officer at Venafi. “Anyone today with an LLM can write code, opening an entirely new front. It’s the code that matters, whether it is your developers hyper-coding with AI, infiltrating foreign agents or someone in finance getting code from an LLM trained on who knows what. So it’s the code that matters! We have to authenticate code wherever it comes from.”

The Open Source Trust Dilemma

When looking at specific concerns around developers using AI to write or generate code, security leaders cited three top concerns:

  1. Developers would become over-reliant on AI, leading to lower standards
  2. AI-written code will not be effectively quality checked
  3. AI will use dated open source libraries that have not been well-maintained

The research also highlights that it is not only AI’s use of open source that could present challenges to security teams:

  • Open Source Overload: On average, security leaders estimate 61% of their applications use open source. This over-reliance on open source could present potential risks, given that 86% of respondents believe open source code encourages speed rather than security best practice amongst developers.
  • Vexing Verification: Ninety percent of security leaders trust code in open source libraries, with 43% saying they have complete trust — yet 75% say it is impossible to verify the security of every line of open source code. As a result, 92% of security leaders believe code signing should be used to ensure open source code can be trusted.

“The recent CrowdStrike outage shows the impact of how fast code goes from developer to worldwide meltdown,” Bocek adds. “Code now can come from anywhere, including AI and foreign agents. There are only going to be more sources of code, not fewer. Authenticating code, applications and workloads based on their identity to ensure that they have not changed and are approved for use is our best shot today and tomorrow. We need to use the CrowdStrike outage as the perfect example of future challenges, not a passing one-off.”

Maintaining the code signing chain of trust can help organizations prevent unauthorized code execution, while also scaling their operations to keep up with developer use of AI and open source technologies. Venafi’s industry-first Stop Unauthorized Code Solution helps security teams and administrators maintain their code signing trust chain across all environments.

“In a world where AI and open source are as powerful as they are unpredictable, code signing becomes a business’ foundational line of defense,” Bocek concludes. “But for this protection to hold, the code signing process must be as strong as it is secure. It’s not just about blocking malicious code — organizations need to ensure that every line of code comes from a trusted source, validating digital signatures against and guaranteeing that nothing has been tampered with since it was signed. The good news is that code signing is used just about everywhere — the bad news is it is most often left unprotected by security teams who can help keep it safe.”
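The two checks Bocek describes, that code comes from a trusted source and that it has not changed since it was signed, are shown below as an added example. This is illustrative code written for this page, not Venafi's product or any library's API. It assumes an in-memory trust store mapping a publisher name to approved Ed25519 public keys (a real deployment would anchor this in a certificate chain or transparency log), signs the SHA-256 digest of the artifact, and rejects three failure cases: an unknown publisher, a signature from a key the organization never approved, and content altered after signing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// TrustStore maps a publisher name to the public keys the organization has
// approved for that publisher. Assumption for this example: an in-memory map
// stands in for a PKI chain or signature transparency log.
type TrustStore map[string][]ed25519.PublicKey

// SignedArtifact is a released build, the identity the signer claims, and a
// detached signature over the build's digest.
type SignedArtifact struct {
	Publisher string
	Content   []byte
	Signature []byte
}

var (
	ErrUntrustedPublisher = errors.New("publisher not in trust store")
	ErrBadSignature       = errors.New("signature does not verify: unapproved key or tampered content")
)

// NewKeyPair generates an Ed25519 key pair; it panics only if the OS CSPRNG fails.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign produces a detached Ed25519 signature over the SHA-256 digest of content.
func Sign(priv ed25519.PrivateKey, publisher string, content []byte) SignedArtifact {
	digest := sha256.Sum256(content)
	return SignedArtifact{
		Publisher: publisher,
		Content:   content,
		Signature: ed25519.Sign(priv, digest[:]),
	}
}

// Verify enforces both halves of the chain-of-trust check: the claimed
// publisher must be in the trust store, and one of that publisher's approved
// keys must have signed exactly this content. Any other outcome is a rejection.
func Verify(ts TrustStore, a SignedArtifact) error {
	keys, ok := ts[a.Publisher]
	if !ok || len(keys) == 0 {
		return ErrUntrustedPublisher
	}
	digest := sha256.Sum256(a.Content)
	for _, pub := range keys {
		if ed25519.Verify(pub, digest[:], a.Signature) {
			return nil
		}
	}
	return ErrBadSignature
}

func main() {
	pub, priv := NewKeyPair()
	ts := TrustStore{"build-pipeline": {pub}} // constructed: one approved signing key
	content := []byte("release binary v1.2.3 (constructed sample)")

	genuine := Sign(priv, "build-pipeline", content)
	fmt.Println("genuine release:      ", Verify(ts, genuine))

	tampered := Sign(priv, "build-pipeline", content)
	tampered.Content = append([]byte{}, content...)
	tampered.Content[0] ^= 0xff // flip one bit after signing
	fmt.Println("tampered after signing:", Verify(ts, tampered))

	_, roguePriv := NewKeyPair()
	fmt.Println("unapproved key:        ", Verify(ts, Sign(roguePriv, "build-pipeline", content)))
	fmt.Println("unknown publisher:     ", Verify(ts, Sign(priv, "unknown-source", content)))
}
```

The point of the example is that a valid-looking signature is not enough on its own: the verifier must also decide whose keys it trusts, which is exactly the part the quoted survey respondents say is "most often left unprotected".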

To read the full report, visit https://venafi.com/lp/organizations-struggle-to-secure-ai-generated-and-open-source-code/.

About Venafi

Venafi is the cybersecurity market leader in machine identity management. From the ground to the cloud, Venafi solutions manage and protect identities for all types of machines — from physical and IoT devices to software applications, APIs and containers. Venafi provides global visibility, lifecycle automation and actionable intelligence for all machine identity types and the security and reliability risks associated with them.

With more than 30 patents, Venafi delivers innovative machine identity management solutions for the world's most demanding, security-conscious organizations and government agencies, including the top five U.S. health insurers, top five U.S. airlines, top four payment card issuers and top four U.S. banks. As a leading provider of open source machine identity management solutions, Venafi is the creator of the open source cert-manager project, which is downloaded more than 1.5 million times a day. For more information, visit https://venafi.com/.
