
"The surge in AI-assisted development is creating a 'velocity gap' where the density of high-impact vulnerabilities is scaling faster than remediation workflows. The ratio of critical findings to raw alerts nearly tripled, moving from 0.035% to 0.092%."
"Technical severity scores are no longer the primary driver of risk. The most common elevation factors were High Business Priority (27.76%) and PII Processing (22.08%). In modern environments, where a vulnerability lives is now more important than what the vulnerability is."
"We observed a direct correlation between the adoption of AI coding tools and the quadrupling of critical findings, averaging 795 per organization, up from 202. Increased code velocity is yielding more complex, context-dependent flaws that bypass basic linting and legacy scanners."
"Insurance firms showed the highest density of critical findings (1.76%), while the Automotive sector generated the highest raw volume of alerts, likely due to the massive scale of codebase expansion in software-defined vehicles."
Over a 90-day period, OX Security analyzed 216 million security findings across 250 organizations. Raw alert volume increased by 52%, while the number of prioritized critical findings grew by nearly 400% (from an average of 202 to 795 per organization). The report attributes this to a 'velocity gap' created by AI-assisted development: code is being produced faster than remediation workflows can absorb it, and the ratio of critical findings to raw alerts nearly tripled as a result. Business context (high business priority, PII processing) elevated more findings than technical severity scores did. Risk profiles also varied by sector, with insurance showing the highest density of critical findings and automotive the highest raw alert volume.
Read at The Hacker News