AI-generated code is in vogue: Developers are now packing codebases with automated code – but they’re overlooking security and leaving enterprises open to huge risks
A host of big tech companies are relying on AI-generated code, and developers globally are following suit


Nearly half of developers using AI to support operations say their codebases are now largely AI-generated, new research shows.
A survey from Cloudsmith found 42% of developers admitted to having AI-filled codebases, with respondents noting that the use of AI has helped them markedly improve productivity and efficiency.
Yet despite the influx of AI-generated code, long-standing best practices are being overlooked, the study warned. Only just over two-thirds (67%) of developers said they review code before deployments, raising concerns over software security.
Glenn Weinstein, CEO at Cloudsmith, said the use of AI in software development does present opportunities for development teams, but warned against placing complete faith in AI.
“Software development teams are shipping faster, with more AI-generated code and AI agent-led updates,” he said.
“AI tools have had a huge impact on developer productivity, which is great. That said, with potentially less human scrutiny on generated code, it’s more important that leaders ensure the right automated controls are in place for the software supply chain.”
The study noted that a growing number of developers are not only becoming reliant on AI-generated code, but are also placing a greater degree of trust in code written by AI tools.
Around 20% said they trust AI-generated code “completely”, the study found.
Notably, there are those in the profession taking a more considered approach to the use of AI in code generation. More than half (59%) said they apply additional scrutiny to AI-generated packages, for example, but a gap in enforcement is emerging at some enterprises.
Around 17% said they have no control policies in place over the use of AI in development processes, or for the use of AI-generated code. Similarly, roughly one-third (34%) noted they use tools that enforce policies specific to AI-generated packages, but this still leaves a glaring gap and could leave them open to threats.
The rise of generative AI and its use in software development has been mirrored by a significant rise in “AI-specific exploits”, Cloudsmith noted. Among those highlighted in the study were ‘slopsquatting’, whereby attackers weaponize hallucinated package names suggested by coding assistants.
Developers and security practitioners alike also voiced concerns over their ability to spot potential exploits of flaws, with just 29% stating they feel “very confident” in their ability to detect vulnerabilities.
This is particularly risky when working with open source libraries, the study warned, from which AI tools are likely to draw suggestions.
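Slopsquatting, as described above, depends on an install step that accepts whatever package name a coding assistant suggests. The following added example (not from Cloudsmith or the article) shows one automated control: gating a requirements file against an allowlist of vetted names. The allowlist, the sample file and the 0.85 similarity cutoff are constructed assumptions.

```python
import difflib
import re

# Constructed allowlist: names an organization has vetted and mirrors internally.
APPROVED = {"requests", "numpy", "python-dateutil", "pyyaml", "cryptography"}

# Constructed requirements file, as a coding assistant might emit it.
SAMPLE_REQUIREMENTS = """\
# generated by coding assistant
requests>=2.31
NumPy==1.26.4
python_dateutil
pyyaml-utils-loader==0.3   # plausible-sounding, never vetted
crytography>=42            # one-letter slip of a vetted name
-r other.txt
"""

NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_names(text):
    """Yield (line_number, normalized_name) for each requirement line."""
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("-"):   # skip blanks and pip options
            continue
        m = NAME_RE.match(line)
        if m:
            yield no, normalize(m.group(1))

def audit(text, approved=APPROVED):
    """Return one finding per dependency that is not on the allowlist."""
    allowed = sorted(normalize(a) for a in approved)
    findings = []
    for no, name in parse_names(text):
        if name in allowed:
            continue
        # A near-match to a vetted name suggests a typo or a hallucinated variant.
        near = difflib.get_close_matches(name, allowed, n=1, cutoff=0.85)
        findings.append({"line": no, "name": name,
                         "verdict": "lookalike" if near else "unvetted",
                         "resembles": near[0] if near else None})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUIREMENTS):
        print(finding)
```

Run as a pre-install check in CI, a non-empty result would block the build until a human vets the flagged name.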
AI-generated code is in vogue
The use of AI-generated code has become a big talking point in the tech industry over the last year, with some leading companies having turned to the trend to speed up development.
In November last year, Google CEO Sundar Pichai revealed that around a quarter of the tech giant’s internal source code was AI-generated, and that’s likely increased since then.
Speaking during an earnings call at the time, Pichai said Google was using AI across development teams both to speed up coding processes and to reduce manual toil for developers.
Notably, Pichai insisted that all AI-generated code was subject to robust safety checks by human workers. Engineers are often kept in the loop to review this code, he noted.
Microsoft has also jumped on the bandwagon in this regard. During an appearance at Meta’s LlamaCon conference in April, CEO Satya Nadella told Mark Zuckerberg up to 30% of its code was written with AI.
“I’d say maybe 20%, 30% of the code that is inside of our repos today and some of our projects are probably all written by software,” Nadella told Zuckerberg.
Nadella expects the volume of AI-generated code at the company to also steadily increase in the coming years.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.