The rapid adoption of generative AI (GenAI) has prompted a seismic shift in how organizations approach application security. A report by Cycode reveals that 72% of security leaders agree a complete reset of strategies is essential to address the challenges posed by AI.
With an astonishing 93 billion lines of code generated in the past year, much of it driven by AI, the sheer volume of code is overwhelming security teams. Notably, 73% of leaders confirm that “code is everywhere,” amplifying the urgency to address this challenge head-on.
The complexities of managing the attack surface are further highlighted by the finding that 59% of security professionals consider it unmanageable, with GenAI emerging as the leading blind spot. This aligns with IDC's DevSecOps research, which ranks insecure AI-generated code among the top application security challenges for 2024. In response, security budgets are expected to grow by 50% in the next year. However, this increase comes with its own complications, as organizations already grapple with tool sprawl—using an average of 50 security tools—resulting in operational inefficiencies, alert fatigue, and collaboration barriers between security and development teams.
Tool sprawl not only complicates operations but also exacerbates the existing cybersecurity talent gap. Cycode’s report indicates that 83% of security professionals believe that having too many tools requires specialist skills, which are increasingly hard to find. This shortage has left organizations struggling to balance application security needs with the limited availability of skilled professionals. To combat these challenges, 88% of respondents plan to consolidate their tools into unified platforms, such as Application Security Posture Management (ASPM), which 90% of current users report has significantly improved risk management and collaboration efforts.
Lior Levy, Co-founder and CEO of Cycode, underscores the critical need for a reset in application security strategies, emphasizing that innovation and security need not be at odds. The report, based on insights from 700 CISOs and security professionals across the US, UK, and Germany, paints a clear picture: the future of application security lies in stronger investments in code security, streamlined tools, and collaborative approaches to managing risk in an increasingly complex landscape.
