Rapid AI-driven development makes security unattainable, warns Veracode

The Register
February 26, 2026
AI-Generated Deep Dive Summary
Veracode’s latest report describes a concerning trend: the rapid pace of AI-driven development is making comprehensive software security unattainable, because more vulnerabilities are being created than fixed. The annual State of Software Security report, which analyzes data from 1.6 million applications, shows that "security debt" (defined as vulnerabilities left unresolved for more than a year) affects 82% of companies, up from 74% in the previous year. High-risk vulnerabilities, which are severe and likely to be exploited, have increased from 8.3% to 11.3%. The rise is attributed to accelerating release cycles and the growing complexity of code, particularly AI-generated code, which complicates remediation efforts.
The report notes that the share of applications with open-source vulnerabilities has decreased slightly (from 70% to 62%), while overall "flaw prevalence" remains steady at 78%. The increasing use of testing tools is also identifying more issues, potentially uncovering problems that were previously missed. Despite these advancements, the gap between creating and fixing vulnerabilities continues to widen, reaching crisis proportions, according to Veracode. The report attributes this trend to the rapid pace of software releases, where new code is added faster than existing vulnerabilities can be addressed.
AI tools, while capable of identifying vulnerabilities and automating fixes, also contribute to challenges such as false positives and potential exploitation by malicious actors through techniques like prompt injection. For instance, Cloudflare’s recent experiment, in which a significant application was built in just one week with minimal human oversight, underscores the risks of relying too heavily on AI without sufficient human review. While AI tools offer promise for improving security, they also complicate manual code reviews.
Veracode emphasizes the importance of human oversight to complement AI-driven efforts, but the report acknowledges that the industry’s current approach is insufficient. The need for transformational change is clear: incremental improvements will not bridge the growing remediation gap. This issue matters significantly to businesses and developers in the tech industry, as unaddressed vulnerabilities can lead to severe consequences, including data breaches and system failures. While AI tools can enhance security by identifying vulnerabilities and automating fixes, their limitations highlight the need for a balanced approach that combines advanced technology with rigorous human oversight. The report’s findings serve as a wake-up call for organizations to prioritize comprehensive security strategies in an era of rapid technological advancement.
Originally published on The Register on 2/26/2026