AI Adoption in Software Development Increases Cybersecurity Risks
A surge in the use of AI-powered coding and automation tools is reshaping software development and cybersecurity practices, with recent industry reports highlighting a significant rise in vulnerabilities and incidents linked to AI-generated code. Surveys of security professionals and executives reveal that a substantial portion of production code is now written by AI, but security guardrails and oversight have not kept pace, leading to new flaws and uncertainty over accountability when breaches occur. Despite optimism about AI's future capabilities, most organizations have already experienced negative impacts, and only a small fraction of CEOs express confidence in their AI systems' ability to protect sensitive data.
The rapid adoption of AI has also intensified the overall cybersecurity threat landscape, as cybercriminals leverage AI to accelerate attack timelines and enhance social engineering tactics. Notably, there has been a dramatic increase in voice phishing attacks and a reduction in attacker breakout times, underscoring the urgency for stronger governance, training, and formal controls around AI use. Security leaders are urged to prioritize data integrity, secure AI supply chains, and integrate security into AI development processes to address these evolving risks.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Cloudsmith report details AI code oversight and supply chain security gaps
Cloudsmith's 2026 Artifact Management Report found widespread adoption of AI-generated code but weak security validation, limited auditing, and poor provenance tracking for AI-related artifacts. The report warned these shortcomings increase software supply chain and compliance risk, including difficulty producing SBOMs and provenance documentation under emerging regulations.
Further reporting compares AI coding output to junior developers
On October 27, 2025, additional coverage said AI-generated code often resembled junior developer output and was contributing to ongoing code security risks. This expanded the narrative around AI-assisted development creating persistent application security challenges.
Analysis warns AI-generated code is creating security cleanup work
Reporting on October 24, 2025 said software produced with AI tools was introducing quality and security issues that human developers and security teams then had to remediate. The event reflects public disclosure of concerns about AI-assisted coding practices and their downstream security burden.
Reports highlight AI adoption increasing cybersecurity strain
Industry reporting in late October 2025 said growing enterprise AI adoption was intensifying pressure on cybersecurity teams and expanding security risk exposure. The coverage framed AI use as a broad operational and defensive challenge rather than a single incident.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Developers are slacking on AI-generated code safety - here's why it could come back to haunt them | IT Pro
itpro.com
Open sourceAI writes code like a junior dev, and security is feeling it
helpnetsecurity.com
Open sourceWhen AI writes code, humans clean up the mess
helpnetsecurity.com
Open sourceAI adoption intensifies cybersecurity strain, report finds
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Driven Software Development and Security Risks in the Enterprise
Organizations are rapidly integrating AI into software development pipelines, with AI-generated code now present in every surveyed environment and a significant portion of codebases produced by AI tools. Security leaders report increased risk due to limited visibility into where and how AI is used, the proliferation of shadow AI, and the introduction of logic flaws or insecure patterns by autonomous agents. The lack of oversight and formal controls over AI-generated code and tools has expanded the attack surface, making product security and supply chain integrity top priorities for 2026. Industry experts emphasize the need for responsible adoption of AI-driven security tools, highlighting the importance of evaluation, deployment, and governance to maintain control and transparency. New frameworks, such as the AI Vulnerability Scoring System (AIVSS), are being developed to address the unique, non-deterministic risks posed by agentic and autonomous AI systems, which traditional models like CVSS cannot adequately capture. The shift to runtime application security and the management of non-human identities further underscore the evolving landscape, as organizations seek to balance innovation with robust security practices.
Jun 29, 2026
AI Adoption and Risks in Enterprise Cybersecurity
A global shift is underway as artificial intelligence becomes the top investment priority for cybersecurity among organizations, according to a recent PwC survey of nearly 4,000 business and technology executives. Sixty percent of respondents indicated that AI technologies are their primary focus for cybersecurity spending in the coming year, with key use cases including threat hunting, AI agents, event detection, and behavioral analysis. This surge in AI adoption is driven in part by ongoing skills shortages, with over half of organizations prioritizing AI and machine learning tools to close capability gaps. Additionally, 38% of companies are turning to managed service providers to access the necessary AI expertise. However, the rapid integration of AI into enterprise environments is not without significant risks. New research from LayerX reveals that AI has already become the leading uncontrolled channel for corporate data exfiltration, surpassing traditional risks like shadow SaaS and unmanaged file sharing. The report highlights that 45% of enterprise employees use generative AI tools, such as ChatGPT, Claude, and Copilot, with AI accounting for 11% of all enterprise application activity. Alarmingly, 67% of AI usage occurs through unmanaged personal accounts, leaving security teams with little visibility or control over sensitive data flows. The research found that 40% of files uploaded to generative AI platforms contain personally identifiable information (PII) or payment card information (PCI), and a significant portion of these uploads are conducted via personal accounts. Traditional data loss prevention (DLP) tools are often ineffective in this context, as they are not designed to monitor or control the new channels introduced by AI tools. Experts warn that the lack of governance and oversight around AI usage in enterprises creates substantial risks, including the potential for AI agents to access sensitive data beyond their intended scope if not properly managed. The PwC survey also notes that organizations are balancing investments between proactive technologies, such as monitoring and testing, and reactive measures like incident response and recovery. As AI becomes more deeply embedded in cybersecurity operations, the need for robust governance, least-privilege access for AI agents, and updated security controls is increasingly urgent. The evolving geopolitical landscape further complicates the risk environment, making it critical for organizations to understand both the opportunities and threats posed by AI in cybersecurity. The convergence of rapid AI adoption and insufficient controls underscores the importance of immediate action to secure enterprise data and workflows against emerging AI-driven threats.
Jun 29, 2026
AI Security Risks and Defensive Innovations in Cybersecurity
AI is rapidly transforming the cybersecurity landscape, introducing both significant risks and powerful new defensive capabilities. The widespread adoption of AI tools in the workplace has led to a surge in employees using these technologies, with 65% of people now utilizing AI tools, up from 44% the previous year. However, this increased usage has not been matched by adequate security training, as 58% of employees have received no instruction on AI security or privacy risks. This gap has resulted in sensitive business information, including internal documents, financial data, and client details, being routinely entered into AI systems, raising the risk of data leakage and unauthorized access. Employees express substantial concern about AI's potential to amplify cybercrime, facilitate scams, bypass security systems, and enable identity impersonation, yet only 45% trust companies to implement AI securely. In parallel, AI is being leveraged by both attackers and defenders, with advanced models now capable of simulating and even outperforming human teams in vulnerability discovery and remediation. For example, AI models have been used to replicate major historical cyberattacks in simulation, demonstrating their potential for both offensive and defensive applications. In cybersecurity competitions, AI-driven systems have successfully identified and patched vulnerabilities, sometimes uncovering previously unknown flaws. Organizations like Anthropic have invested in enhancing their AI models to assist defenders, enabling the detection, analysis, and remediation of vulnerabilities in both code and deployed systems. These advancements have led to AI models matching or surpassing previous state-of-the-art systems in cyber defense tasks. At the same time, threat actors are exploiting AI to scale their operations, prompting security teams to develop new safeguards and monitoring techniques. The dual-use nature of AI in cybersecurity underscores the urgent need for robust security awareness training, updated policies, and technical controls to manage the risks associated with AI adoption. As AI continues to evolve, defenders must stay ahead by integrating AI-driven tools into their security operations while remaining vigilant against emerging threats. The current state of AI security is described as precarious, with urgent calls for organizations to address the human and technical factors contributing to risk. The future of cybersecurity will be defined by the ongoing arms race between AI-powered attackers and increasingly sophisticated AI-enabled defenders, making continuous adaptation and investment in AI security essential for organizational resilience.
Jun 29, 2026