Enterprises are shipping so much AI-generated code they can't control or secure it
As AI coding becomes commonplace, organizations are struggling to control what they are shipping
AI code generation is running out of control, with eight-in-ten organizations adopting AI tools faster than they can develop policies to govern them, new research has warned.
According to GitLab's AI Accountability Report, 92% are facing governance challenges with AI-generated code as rapid adoption continues.
More than nine-in-ten have two or more AI coding tools in active use, the study found, while 54% have three or more. Meanwhile, 78% report that developers are writing and committing code faster since adopting AI tools.
Teams are generally happy with the results, with six-in-ten saying that the ROI of AI coding is better than they'd expected. More than three quarters (78%) also report faster code output and 73% said overall code quality has improved.
However, while 79% agree that individual developer productivity has improved with AI, the overall software delivery process has not accelerated at the same pace.
Indeed, 82% say that AI-generated code risks creating a new form of technical debt that organizations aren't prepared to manage.
"AI coding tools have delivered on their promise of speed," said Manav Khurana, chief product and marketing officer at GitLab.
"But the events of the past few months, including supply chain attacks, reliability issues, and regulators tightening expectations around AI traceability and provenance are making clear that speed without control is a liability, not an advantage."
AI coding is creating new bottlenecks
Notably, 85% agree that AI has shifted the bottleneck from writing code to reviewing and validating it, and 84% that the biggest challenge with AI-generated code is governing what happens to it after it's created.
Nearly three-quarters are concerned about the maintainability of AI-generated code in their organization's codebase.
GitLab also raised concerns about a prevailing trend of overconfidence when it comes to AI coding. The majority (87%) said they’re confident that teams could determine within 24 hours whether AI-generated code contributed to a production incident, for example.
Yet more than one-third (34%) of organizations fail to spot potential issues before an incident takes place.
This appears to be down to difficulty distinguishing AI-generated from human-written code (43%), fragmented toolchains (40%), and systems that don't track code origin (39%).
Only 28% say their software development lifecycle (SDLC) tools are fully integrated with shared data and workflows.
New governance practices are needed
According to GitLab, what’s missing is clarity around governance. The majority (83%) of organizations identify AI-generated code accumulation as a risk to manage now, with 44% calling it a top technology risk.
On the upside, 91% of survey respondents said they are likely to invest in AI code governance tools in the next 12 months, and 98% have already allocated or expect to allocate budget toward these efforts.
Crucially, 85% agree the next phase of AI in software will focus less on generating code and more on governing it.
"The teams thinking ahead are already asking the harder question: can we actually control all the code we’re generating?" said Khurana.
"The organizations that will ship trusted software faster are the ones building the foundations of accountability with context, traceability, and governance baked into the platform, not just bolted on after the fact."
AI governance has been a persistent challenge for developers, with research from Aikido last year concluding that AI-generated code is now the cause of one-in-five breaches.
The study noted that 69% of security leaders, engineers, and developers had identified serious vulnerabilities in AI-generated code.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
