{"id":47918,"date":"2026-04-11T20:08:14","date_gmt":"2026-04-11T20:08:14","guid":{"rendered":"https:\/\/foreignnewstoday.com\/?p=47918"},"modified":"2026-04-11T20:08:14","modified_gmt":"2026-04-11T20:08:14","slug":"developers-are-slacking-on-ai-generated-code-safety-heres-why-it-could-come-back-to-haunt-them","status":"publish","type":"post","link":"https:\/\/foreignnewstoday.com\/?p=47918","title":{"rendered":"Developers are slacking on AI-generated code safety \u2013 here&#8217;s why it could come back to haunt them"},"content":{"rendered":"<p><br \/>\n<br \/><\/p>\n<div id=\"article-body\">\n<p id=\"elk-39babba5-bd0b-4a64-9387-c493f5e21731\">Organizations are taking a slapdash approach to <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/ai-generated-code-risks-what-cisos-need-to-know\" data-url=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/ai-generated-code-risks-what-cisos-need-to-know\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/ai-generated-code-risks-what-cisos-need-to-know\">AI-generated code<\/a>, with many spending far too little time on oversight, new research suggests.<\/p>\n<p id=\"elk-f8da67b9-9361-4a59-ae53-be380b2da87c\">The vast majority (93%) of respondents to Cloudsmith&#8217;s 2026 <a data-analytics-id=\"inline-link\" href=\"https:\/\/cloudsmith.com\/campaigns\/2026-artifact-management-report\" target=\"_blank\" data-url=\"https:\/\/cloudsmith.com\/campaigns\/2026-artifact-management-report\" referrerpolicy=\"no-referrer-when-downgrade\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\"><u><em>Artifact Management Report<\/em><\/u><\/a> said their organization was using AI-generated code, more than twice as many as last year.<\/p>\n<p><a id=\"elk-seasonal\"\/><\/p>\n<aside data-block-type=\"embed\" data-render-type=\"fte\" data-skip=\"dealsy\" 
data-widget-type=\"seasonal\" class=\"hawk-root\"\/>\n<p id=\"elk-44924eba-3c47-4049-90db-69b7f5989f34-0\">Yet despite this sharp increase, around one-third (31%) spend 10 hours or less per month validating, auditing, or securing it. Indeed, just 58% spend at least 11 hours per month on this front while one-in-twenty said they don&#8217;t audit AI code at all.<\/p>\n<p id=\"elk-a029e43f-ac4a-4d5d-8eb6-16291046fad9\">While <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/the-risks-of-open-source-ai-models\" data-url=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/the-risks-of-open-source-ai-models\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/the-risks-of-open-source-ai-models\">AI models<\/a> have become a leading artifact type, only 12% of organizations are managing them using the same security policies and provenance tracking as traditional binaries, such as language packages and operating system libraries.<\/p>\n<p id=\"elk-0ad9df92-eed2-4639-b693-58a0eaff86ff\">This is despite the fact that organizations are mostly aware of the risks, with only 17% very confident that AI is not introducing new vulnerabilities into their codebase.<\/p>\n<p id=\"elk-a27e852e-295b-41d8-a6f0-ef5b4a1d952f\">\u201cWe are at a huge inflection point in the history of software development. 
In a matter of months, we\u2019ve gone from, \u2018<em>How can AI help me write better code?<\/em>\u2019 to, \u2018<em>How can I help AI write better code?<\/em>\u2019\u201d, said Glenn Weinstein, CEO of Cloudsmith.<\/p>\n<p id=\"elk-a8be0268-041f-4a86-993b-a4efac91b38f\">&#8220;But at the same time, <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/amazing-ai-tools-to-try-today\" data-url=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/amazing-ai-tools-to-try-today\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/technology\/artificial-intelligence\/amazing-ai-tools-to-try-today\">AI tools<\/a> are expanding the attack surface, introducing more open source dependencies. And those same tools are being used by malicious actors to find more vulnerabilities in existing libraries, leading to more CVEs.\u201d<\/p>\n<p><a id=\"elk-d6a5eb4c-2690-4805-984c-53b31cf51686\"\/><\/p>\n<h2 id=\"sloppy-practices-could-come-back-to-haunt-devs-3\">Sloppy practices could come back to haunt devs<\/h2>\n<p id=\"elk-0fdc21aa-a280-4120-8c6f-144b0a63b1df\">Poor security practices on this front could have 
wide-reaching regulatory implications for enterprises, the study warned.<\/p>\n<p>Under the EU\u2019s <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/business\/policy-and-legislation\/what-is-the-eus-cyber-resilience-act-cra\" data-url=\"https:\/\/www.itpro.com\/business\/policy-and-legislation\/what-is-the-eus-cyber-resilience-act-cra\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/business\/policy-and-legislation\/what-is-the-eus-cyber-resilience-act-cra\">Cyber Resilience Act (CRA)<\/a>, organizations are required to provide a detailed assessment 48 hours after becoming aware of a breach \u2013 and this includes providing provenance data.<\/p>\n<p id=\"elk-8b1c98c3-b7be-4e9d-934e-91b913b9b054\">More than half (53%) of respondents told Cloudsmith they&#8217;d need to put in a significant amount of manual effort or time to produce a comprehensive report of artifact versions, origins, and security attestations.<\/p>\n<p id=\"elk-d330329d-5c87-4b2a-a391-a576ef2879ad\">Only a quarter of engineering teams automatically generate and verify <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/software-security-overhauled-for-the-better-thanks-to-us-legislation\" data-url=\"https:\/\/www.itpro.com\/security\/software-security-overhauled-for-the-better-thanks-to-us-legislation\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/software-security-overhauled-for-the-better-thanks-to-us-legislation\">Software Bills of Materials (SBOMs)<\/a> at every build, with the rest doing it manually, reactively, or only when an auditor asks.<\/p>\n<p id=\"elk-83dfebc0-4f1b-4e59-ace9-502c3d984171\">Notably, nearly three-quarters (74%) said they&#8217;d struggle to produce a complete report quickly if they were hit with a surprise audit tomorrow.<\/p>\n<p 
id=\"elk-0d9b2d5c-d829-4f59-a18e-a54d923594ee\">The majority (83%) run outdated artifact management systems, often because they&#8217;re worried that upgrading is risky or painful.<\/p>\n<p><a id=\"elk-6e4d720a-c13d-47a8-b2ac-2f7b61e11c6a\"\/><\/p>\n<h2 id=\"software-supply-chain-threats-are-growing-3\">Software supply chain threats are growing<\/h2>\n<p id=\"elk-63ae1f97-cce3-48e6-8805-6d401fef1ecf\">Weak software supply chain security has become a high-profile issue over the last year, not least with the <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/the-build-pipeline-is-becoming-the-new-frontline-axios-npm-compromise-highlights-growing-software-supply-chain-risks-experts-warn\" data-url=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/the-build-pipeline-is-becoming-the-new-frontline-axios-npm-compromise-highlights-growing-software-supply-chain-risks-experts-warn\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/the-build-pipeline-is-becoming-the-new-frontline-axios-npm-compromise-highlights-growing-software-supply-chain-risks-experts-warn\"><u>Axios npm compromise<\/u><\/a> that hit earlier this month.<\/p>\n<p id=\"elk-6920de96-d377-472f-9252-6e3ec9d18062\">With threat campaigns including <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/malicious-github-repositories-target-users-with-malware\" data-url=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/malicious-github-repositories-target-users-with-malware\" data-hl-processed=\"none\" data-mrf-recirculation=\"inline-link\" data-before-rewrite-localise=\"https:\/\/www.itpro.com\/security\/cyber-attacks\/malicious-github-repositories-target-users-with-malware\">Shai Hulud 2.0<\/a> and SANDWORM_MODE specifically targeting the software supply chain via upstream repositories, 44% of respondents said they&#8217;d 
experienced a security incident caused by a third-party dependency.<\/p>\n<p id=\"elk-4ce3ef1e-56a6-43f7-866f-fb9acf02aafe\">The same number said their organization spent over 50 hours per month investigating potential security issues linked to third-party dependencies, whether or not they resulted in a breach.<\/p>\n<p id=\"elk-97a71462-4ac4-443b-aba6-7b9518c3c05d\">\u201cAgentic development is an incredibly powerful way to build software, and teams will be far more productive and write even more software as a result. That is a good thing, because the world certainly needs more software and more automation,&#8221; said Weinstein.<\/p>\n<p id=\"elk-2350c2a1-f801-4124-9d07-3fe5d9a2c692\">&#8220;For enterprises to manage this new velocity and productivity, automated guardrails and context are the new keys to unlock the production of safer, more efficient code.\u201d<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.itpro.com\/software\/development\/developers-are-slacking-on-ai-generated-code-safety-heres-why-it-could-come-back-to-haunt-them\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Organizations are taking a slapdash approach to AI-generated code, with many spending far too little time on oversight, new research suggests. 
The vast majority (93%) of&hellip;<\/p>\n","protected":false},"author":1,"featured_media":47919,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[32],"tags":[],"class_list":["post-47918","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/posts\/47918","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=47918"}],"version-history":[{"count":0,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/posts\/47918\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=\/wp\/v2\/media\/47919"}],"wp:attachment":[{"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=47918"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=47918"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/foreignnewstoday.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=47918"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}