AI-driven code speed leaves security trailing, Black Duck warns
Research from Black Duck has found that a rapid increase in daily code deployments powered by artificial intelligence is outpacing the evolution of security practices, creating accumulating security risks for organisations across industries.
The "Balancing AI Usage and Risk in 2025: The Global State of DevSecOps" report, published by Black Duck, examines the widening gap between development speed and security management. Drawing on survey responses from over 1,000 global software and security professionals, the report identifies several persistent challenges in managing application security in the age of AI-driven development.
Rising speed, lagging security
Nearly 60% of respondents reported that their organisations now deploy code on a daily basis or even more frequently, signifying a notable acceleration in development cycles. However, 46% of companies stated they still depend on manual processes to move new code into security testing queues, resulting in bottlenecks and incomplete coverage.
This reliance on manual security reviews creates what the report refers to as "security debt": the accumulation of unresolved security risks created each time new code is released without sufficiently automated controls. The issue, researchers note, is compounded by friction that arises between development and security teams when fast release cycles are slowed by testing requirements.
Tool fatigue and the ROI dilemma
Tool proliferation is contributing to inefficiency within security operations. According to the report, 71% of participants indicated that a significant portion of security alerts generated by their tools consisted of noise, such as false positives or duplicate findings, often due to overlapping functionality between multiple tools. This environment, the report notes, challenges the perceived return on investment for organisations investing in security technology.
Furthermore, 81% of professionals surveyed said that application security testing is slowing development and delivery, underscoring the ongoing tensions between the need for speed in software deployment and the requirement for robust security oversight.
AI as both support and risk
The research pays particular attention to the dual impact of AI on software development and security. While 63% of respondents believe that AI helps them write more secure code, 57% felt that it also introduces new and complex risks not seen with traditional development practices.
"The findings paint a clear picture: the old ways of doing application security aren't working, and speed without integrated security creates risk for companies. To navigate this new world, development teams must shift from a reactive, tool-centric model to a proactive, platform-based strategy that integrates security directly into developer workflows to achieve true scale application security," said Jason Schmitt, CEO of Black Duck.
Schmitt's comments reflect the growing consensus that traditional bolt-on and reactive security approaches are inadequate in the context of accelerated, AI-enabled pipelines.
The workflow integration imperative
When asked about priorities for improving application security testing, 27% of respondents identified better integration with development workflows as the most urgent need. This emphasis reflects a shift towards embedding security earlier and more seamlessly within the software delivery pipeline, a trend seen as necessary to balance AI's productivity gains with the requirements of operational safety.
The report recommends that executive leaders and DevSecOps practitioners invest in developer-centric security tools and implement robust AI governance frameworks. It also calls for rationalisation of security toolchains to reduce alert noise and duplication, and help teams focus on high-priority risks.
Black Duck's research highlights the challenges and opportunities presented by the increasing adoption of AI in software development, and underscores the importance of establishing new approaches to security that can adapt to the demands of high-velocity development environments.