The rapid adoption of AI coding assistants is creating a new governance problem for enterprise security teams, according to research released by Salt Security, which found that 9 in 10 security leaders are concerned about the security risks associated with AI-generated code. The research, AI Coding Assistants and the New Security Problem, surveyed 100 IT security leaders across the UK and US and highlights the growing tension between software development speed and security oversight.
According to the research, 67% of organisations now report widespread adoption of AI coding assistants across development teams, reflecting how deeply AI has become embedded in modern software engineering practices. However, governance frameworks have struggled to keep pace. While organisations increasingly rely on AI to accelerate development, 38% still rely entirely on manual reviews to assess AI-generated code, a process many security leaders believe is becoming unsustainable.
Among respondents, 29% identified insecure coding patterns as the biggest risk introduced by AI assistants, while 15% cited concerns about generated code failing to align with internal security policies.
The findings reflect wider industry concerns about the quality and security of machine-generated software. According to figures cited by Salt Security, AI coding assistants now generate nearly half of all code written on platforms such as GitHub, while independent research has found that a significant proportion of AI-generated code contains known vulnerabilities.
“AI coding assistants are fundamentally changing how software is built, but governance has not kept pace,” said Roey Eliyahu, CEO and co-founder of Salt Security.
“Most organisations recognise the risks, but many are still trying to manage AI-generated code using security processes designed for a pre-AI world. That approach doesn’t scale. Security leaders need visibility, consistency and embedded governance across the AI-assisted development lifecycle before code volumes become unmanageable.”
The research also revealed that larger enterprises face greater operational complexity as AI adoption grows. Organisations with more than 500 employees were significantly more likely to report challenges around governance consistency, developer overreliance on AI-generated outputs and policy enforcement across distributed development teams.
The findings coincide with the launch of Salt Code, a new addition to the company’s Agentic Security Platform designed to enforce security policies directly within AI coding assistants such as Claude Code, GitHub Copilot, Cursor, Gemini CLI and Codex. Salt Code is designed to move security controls earlier in the software development lifecycle. Rather than relying solely on traditional security testing tools after code has been written, Salt Code applies organisational security policies during code generation itself.
At the heart of the platform is Salt’s Posture Governance Engine, which allows organisations to define security and compliance requirements once and enforce them consistently across code creation, deployment and runtime environments. The platform includes pre-built policy packs covering frameworks such as the OWASP API Top 10, MCP Security Top 10, LLM Security Top 10 and OpenAPI/Swagger compliance.
According to Salt Security, the approach is intended to address what it describes as “security drift”, or the gradual divergence between organisational policies and actual development practices that can occur as AI-generated code volumes increase.
“AI is writing code faster than organisations can govern it, whether that AI is Claude, Gemini, Copilot, or the next tool a developer downloads tomorrow,” Eliyahu said.
“For the first time, security policy travels with the code itself, from the first prompt through every stage of the pipeline and into runtime. Organisations no longer have to choose between the speed AI enables and the security their business requires.”
Industry analysts have argued that governance will become increasingly important as AI-generated code forms a growing share of enterprise software. Salt’s research suggests that organisations are already recognising the challenge, with security leaders expressing concerns that manual review processes are struggling to scale alongside AI-assisted development.
“I often point organisations towards Salt because the complete Agentic Security Graph is genuinely differentiating. Salt Code is the piece that ties it together,” said Christopher M. Steffen, CISSP, CISA, CCZ, VP of Research, Information Security, Risk and Compliance Management, Enterprise Management Associates. “With code-level context layered onto runtime behaviour, Salt is building a multi-dimensional defence for agentic systems rather than another single-point tool. That’s the direction this market needs to move.”
The company is encouraging organisations to focus on improving visibility into AI-generated code, reducing dependence on manual review, standardising secure development practices and treating AI coding assistants as part of the broader software supply chain.
As enterprises continue to embrace AI-assisted development, the findings suggest that the next phase of adoption may be defined less by productivity gains and more by how effectively organisations can govern and secure the code these systems produce.







