Ethical Hacking News
The increasing use of artificial intelligence (AI) in software development has opened a "velocity gap" between vulnerability discovery and remediation: in a recent OX Security analysis, raw alert volume grew 52% year-over-year while prioritized critical risk grew by nearly 400%. The report attributes the surge to AI-assisted development tools, context-dependent flaws that slip past basic scanners, and business context (where a flaw lives and what data it touches) counting for more than technical severity scores alone, with risk profiles that differ markedly by sector. Learn more about the implications of this trend for organizations seeking to protect their digital assets from cyber threats.
The world of cybersecurity is evolving, and application security is seeing significant growth. A recent study by OX Security reveals a "velocity gap" between the density of high-impact vulnerabilities and the remediation workflows meant to address them. The study analyzed 216 million security findings across 250 organizations and found a 52% year-over-year increase in raw alert volume. The ratio of critical findings to raw alerts nearly tripled, from 0.035% to 0.092%. Business context, not the technical severity score alone, is what drives findings into the critical tier. High Business Priority and PII Processing are the most common elevation factors, meaning the vulnerabilities being escalated sit in sensitive data processing and financial transaction paths. The study links the adoption of AI coding tools to a quadrupling of critical findings, which is why organizations need to rethink their approach to security. Sector-specific differences were also found: insurance firms showed the highest density of critical findings, while the Automotive sector generated the highest raw volume of alerts.
The world of cybersecurity is constantly evolving, and one area that has seen significant growth in recent years is application security. The increasing adoption of artificial intelligence (AI) in software development has created a new challenge for organizations seeking to protect their digital assets from cyber threats. A recent analysis by OX Security has shed light on this issue, revealing a significant "velocity gap" between the density of high-impact vulnerabilities and the remediation workflows that can address them.
The study, which analyzed 216 million security findings across 250 organizations over a 90-day period, found that while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The ratio of critical findings to raw alerts nearly tripled, moving from 0.035% to 0.092%. The two figures are consistent with each other: 1.52 multiplied by (0.092 / 0.035) is roughly 4.0, so the number of critical findings grew about fourfold while the alert stream as a whole grew by only half. That is the velocity gap in practice: the high-impact findings that actually demand remediation are multiplying far faster than the overall alert volume that security teams are staffed and tooled to process.
The primary driver of this surge in critical findings is not the technical severity score itself, but rather the business context in which a vulnerability is found. In other words, it is no longer just about how bad a vulnerability is in isolation, but also where it lives, what data it touches, and what kind of impact it could have on an organization's operations.
According to OX Security's analysis, High Business Priority (27.76%) was the most common elevation factor, followed closely by PII Processing (22.08%). This suggests that many vulnerabilities are being discovered in areas such as sensitive data processing, financial transactions, and other high-risk domains where a single misstep could have significant consequences.
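The context-based elevation the two paragraphs above describe can be made concrete with a small triage routine. The following is an added illustration, not OX Security's scoring model or code: it assumes a fixed set of elevation factors (the two the article names plus an assumed "Internet Exposed" tag), assumes each factor raises a finding by one severity step, and runs over a constructed batch of findings to report the same kinds of numbers the study quotes (the raw versus context-adjusted critical ratio, and each factor's share of elevations). The `implied_critical_growth` helper reproduces the consistency check between the 52% alert growth and the ratio change.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Scanner severities in increasing order; elevation moves a finding up this scale.
SEVERITY_ORDER = ["low", "medium", "high", "critical"]


@dataclass(frozen=True)
class Finding:
    finding_id: str
    severity: str            # severity as reported by the scanner
    business_priority: str   # assumed asset tag: "low" | "medium" | "high"
    processes_pii: bool      # assumed data-classification tag
    internet_exposed: bool   # assumed reachability tag


# Assumed elevation factors (illustrative, not OX Security's model). Each factor
# that applies raises the finding by one severity step; insertion order is the
# order in which applied factors are reported.
ELEVATION_FACTORS: Dict[str, Callable[[Finding], bool]] = {
    "High Business Priority": lambda f: f.business_priority == "high",
    "PII Processing": lambda f: f.processes_pii,
    "Internet Exposed": lambda f: f.internet_exposed,
}


def elevate(finding: Finding) -> Tuple[str, List[str]]:
    """Return the context-adjusted severity and the factors that raised it."""
    if finding.severity not in SEVERITY_ORDER:
        raise ValueError(f"unknown severity {finding.severity!r}")
    rank = SEVERITY_ORDER.index(finding.severity)
    applied = [name for name, test in ELEVATION_FACTORS.items() if test(finding)]
    rank = min(rank + len(applied), len(SEVERITY_ORDER) - 1)  # cap at critical
    return SEVERITY_ORDER[rank], applied


def triage(findings: List[Finding]) -> Dict[str, object]:
    """Summarise a batch: raw vs. context-adjusted critical ratio, factor shares."""
    raw_critical = sum(1 for f in findings if f.severity == "critical")
    effective_critical = 0
    factor_counts = {name: 0 for name in ELEVATION_FACTORS}
    for f in findings:
        effective, applied = elevate(f)
        if effective == "critical":
            effective_critical += 1
        for name in applied:
            factor_counts[name] += 1
    total_hits = sum(factor_counts.values())
    return {
        "raw_alerts": len(findings),
        "raw_critical_ratio": raw_critical / len(findings),
        "effective_critical_ratio": effective_critical / len(findings),
        # Share of all elevations attributable to each factor, as the study reports it.
        "factor_share": {name: (n / total_hits if total_hits else 0.0)
                         for name, n in factor_counts.items()},
    }


def implied_critical_growth(raw_growth: float, ratio_before: float, ratio_after: float) -> float:
    """Growth multiple of the critical count implied by alert growth and the ratio change."""
    return (1.0 + raw_growth) * (ratio_after / ratio_before)


# Constructed sample batch (not data from the study).
SAMPLE_FINDINGS = [
    Finding("F1", "critical", "low", False, False),   # critical on severity alone
    Finding("F2", "high", "high", False, False),      # elevated to critical by priority
    Finding("F3", "high", "low", True, False),        # elevated to critical by PII
    Finding("F4", "medium", "high", True, False),     # two factors: medium -> critical
    Finding("F5", "medium", "low", False, True),      # exposed: medium -> high
    Finding("F6", "low", "low", False, False),        # no context, stays low
    Finding("F7", "low", "high", False, False),       # low -> medium
    Finding("F8", "medium", "low", False, False),     # stays medium
    Finding("F9", "high", "low", False, False),       # stays high
    Finding("F10", "low", "low", False, True),        # low -> medium
]

if __name__ == "__main__":
    summary = triage(SAMPLE_FINDINGS)
    print(summary)
    print("implied critical growth:", implied_critical_growth(0.52, 0.00035, 0.00092))
```

On the sample batch one finding in ten is critical by scanner severity, but four in ten are critical once the assumed context tags are applied; the elevation factors, not new detections, account for the difference, which is the mechanism the study describes.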
Another key finding from the study is the correlation between the adoption of AI coding tools and the quadrupling of critical findings. As more developers rely on AI-assisted development tools to speed up their workflows, the code they ship contains more complex, context-dependent flaws that bypass basic linting and legacy pattern-matching scanners. This highlights the need for organizations to rethink their approach to security: scanning has to keep pace with the added velocity, and it has to understand the context a flaw sits in, rather than being traded away for the sake of expediency.
The study also revealed sector-specific differences in terms of risk profiles and alert volumes. Insurance firms showed the highest density of critical findings (1.76%), while the Automotive sector generated the highest raw volume of alerts—likely due to the massive scale of codebase expansion in software-defined vehicles.
OX Security's analysis serves as a timely reminder that application security is an ongoing challenge that requires constant attention and effort from organizations around the world. As AI-driven development continues to grow, it is essential that we prioritize not just technical severity scores, but also business context and risk profiles. By doing so, we can better mitigate the velocity gap between vulnerability discovery and remediation, ensuring a safer digital landscape for all.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Velocity-Gap-How-AI-Driven-Development-is-Exacerbating-Vulnerability-Discovery-ehn.shtml
https://thehackernews.com/2026/04/analysis-of-216m-security-findings.html
Published: Tue Apr 14 05:57:24 2026 by llama3.2 3B Q4_K_M