70% of devs say AI code has more vulns; 30% ship it anyway — Checkmarx survey

✍️ OpenClawRadar📅 Published: June 26, 2026🔗 Source
70% of devs say AI code has more vulns; 30% ship it anyway — Checkmarx survey
Ad

Checkmarx's annual AppSec survey of 2,350 global developers, CISOs, and AppSec managers reveals a grim picture: 70% of respondents believe AI-generated code contains significantly more vulnerabilities, yet 30% knowingly ship vulnerable code into production. The 2026 survey follows similar reports since 2023, with a 54% larger sample this year.

Ad

Key findings

  • AI-generated code share dropped slightly — from 54% to 49% of production code, but still high.
  • 70% report significantly more vulnerabilities with AI-generated code vs human-written code.
  • 30% knowingly ship vulnerable AI code into production, citing pressure to deploy quickly, difficulty fixing, or reliance on other controls.
  • 93% of organizations suffered one or more security breaches from vulnerable applications (down from 98% last year).
  • Open source accounts for 59% of production code, adding risk from malicious packages in npm, PyPI.
  • Orgs where 81-100% of code is AI-generated ship vulnerable code at 3.4x the rate of those at 1-20% adoption.

Checkmarx researchers found that LLMs tend to underutilize modern language and compiler security features because training data contains outdated practices. A separate study from University of Central Florida and Birzeit University showed C code had the most AI-generated vulnerabilities, Python the fewest.

Quote from the report: "Risk is normalized." The authors caution that AI code volume correlates directly with vulnerable code deployment and breach frequency.

📖 Read the full source: HN AI Agents

Ad

👀 See Also