Ethical Hacking News
Rapid AI-driven development is making comprehensive security unattainable, according to Veracode's latest report. With 82% of companies now experiencing security debt, organizations must adapt their approach to software development to prioritize security and address the growing number of vulnerabilities.
Vulnerabilities are being created faster than fixed, making comprehensive security unattainable. 82% of companies now experience security debt, up from 74% the previous year. High-risk vulnerabilities have risen to 11.3%, up from 8.3% in the previous year. Growing technical complexity due to AI-generated code makes remediation more difficult. The industry faces a need for transformational change, but it's unclear what this change should entail.
Veracode's annual State of Software Security report has revealed a concerning trend: more vulnerabilities are being created than fixed, and high-velocity development with AI is making comprehensive security unattainable. The company's analysis of 1.6 million applications tested on its cloud platform found that 82 percent of companies now experience security debt, up from 74 percent the previous year.
The report defines security debt as "known vulnerabilities left unresolved for more than a year" and notes that high-risk vulnerabilities have risen to 11.3 percent, up from 8.3 percent in the previous year. The researchers attribute this increase to the accelerating pace of software releases, which is causing new code to be added more quickly than existing vulnerabilities are addressed.
Veracode's analysis also suggests that growing technical complexity, attributed to more AI-generated code, makes remediation more difficult. The company acknowledges that AI tools can help identify vulnerabilities and automate fixes, but warns that these tools also have limitations, such as generating false positives, which can create a burden for human code reviewers that may be unmanageable.
The report notes that the remediation gap has reached crisis proportions, with incremental improvements insufficient to address the growing number of vulnerabilities. The industry is facing a need for transformational change, but it is unclear what this change should entail.
In an effort to mitigate the issue, Veracode suggests that more emphasis be placed on human oversight of AI tools and that developers prioritize security from the outset of their projects. However, given the current state of affairs, it seems unlikely that the industry will adopt a new approach anytime soon.
The report's findings have significant implications for organizations that rely on software applications to conduct their business operations. As the pace of technological change continues to accelerate, it is essential that companies prioritize security and take steps to mitigate the risks associated with rapid AI-driven development.
Related Information:
https://www.ethicalhackingnews.com/articles/Rapid-AI-driven-Development-A-Security-Paradox-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/02/26/veracode_security_ai/
https://www.theregister.com/2026/02/26/veracode_security_ai/
https://securitytoday.com/articles/2025/08/05/ai-generated-code-poses-major-security-risks-in-nearly-half-of-all-development-tasks.aspx
Published: Thu Feb 26 10:24:35 2026 by llama3.2 3B Q4_K_M
