Black Duck’s State of AI-Powered Software Development report finds AI coding tools have reached 97 percent adoption at large enterprises. Nevertheless, only about a third of teams have full governance in place. Those that have done their homework here report significantly better efficiency gains, and fewer security headaches.
To be more specific: the surveyed developers all work at organizations with at least 500 employees. The companies in question are mostly (78 percent) in the tech and SaaS fields, with respondents skewing heavily towards C-suite or senior leadership (52 percent).
In any case, it appears AI coding assistants are now essentially universal in enterprise software development. There are some good reasons for this to be found in the report. AI tools save developers an average of eight hours per week. That productivity does come with a catch. Ninety percent of respondents encounter some form of issue with AI-generated code. Bottlenecks have shifted from writing code to validating it: manual review (52 percent), security testing (51 percent), and code rework (48 percent) are all stacking up. That is a rising concern, as shown by the fact that nearly half of AI-generated code contains vulnerabilities.
Security concerns are mounting
The security picture is just as important as overall adoption. Taken together, the two make it easy to envisage AI-driven software flaws becoming a headache for years to come. Sixty-four percent of respondents said they are moderately or extremely concerned about AI-generated code introducing security defects or vulnerabilities. When asked about preferred remedies, 56 percent want a dedicated AI security agent, separate from the coding tool itself. And 84 percent of respondents still prefer human oversight, described in the report as “a critical check in the AI-assisted SDLC.”
Assuming AI can safeguard AI assumes the technology is robust enough to resolve its self-introduced issues. We’re glad those surveyed are at least conscious of the issue; we’re just not sure they’re all heading towards a permanent fix anytime soon.
Governance is the differentiator
Developers needn’t rely on their opinions, or they should at least enshrine some common best practices to combat the ills of AI here. The big problem identified in the report is that governance processes have simply not kept pace with the volume of code being produced. Only about a third of teams have full governance over their AI coding tools. Or, well, they claim to have it. Other statistics make a compelling case for investing in such governance. Developers who say their teams have full governance in place are 55 percent more likely to report a major improvement in efficiency. And 68 percent of all respondents say an automated system for tracking AI-generated code deployment is extremely important.
Black Duck CEO Jason Schmitt says: “AI coding assistants have permanently changed the economics of software development, and the productivity numbers make that undeniable. But the data also clearly shows that speed without governance is a liability, not an advantage.”