Overview
- Enterprises are rapidly adopting AI coding assistants, and Checkmarx reports that auto‑generated code is two to three times more vulnerable than human‑written code.
- Traditional AppSec tools struggle with the scale of AI‑driven output, prompting a shift to IDE‑embedded agents that flag issues as code is written.
- Vendors are rolling out agents that they say cut false positives by up to 80%, prioritize the most consequential findings, and suggest targeted fixes to speed up remediation.
- New coverage describes agentic systems that build code property graphs (one graph combining syntax, control flow and data flow) to understand context and propose repairs autonomously; proposed fixes still need rigorous validation before they are merged.
- ESG data shows strong enthusiasm for GenAI use alongside concern about AI risk, while reporting notes attackers experimenting with AI‑generated malware and prompt‑injection techniques.
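To make the "code property graph" mentioned in the list concrete, here is an added example, not code from the page, from Checkmarx or from any vendor it covers. It is a toy CPG in Python built on the standard library's `ast` module: it layers AST, control-flow and data-dependence edges over one node set, which is how Yamaguchi et al. defined the structure, and answers the query such agents run: does a sink's input reach back to an untrusted source? The sample snippet, the source list (`request.args.get`) and the sink list (`cursor.execute`) are all constructed assumptions for the demonstration.

```python
"""Toy code property graph (CPG) for Python, built on the stdlib `ast` module.

Three edge kinds share one node set, as in the CPG idea the page refers to:
  AST  parent -> child syntax edges
  CFG  statement -> next statement (straight-line function bodies only here)
  DDG  use statement -> statement holding the reaching definition it reads
The query walks DDG edges backwards from each sink call and reports whether
any reaching statement calls a taint source.
"""
import ast
from collections import defaultdict

# Constructed sample of the kind of code an assistant might emit; not real code.
SAMPLE = '''
def handler(request):
    user = request.args.get("name")
    greeting = "Hello " + user
    safe = "static"
    cursor.execute("SELECT * FROM users WHERE name = '" + greeting + "'")
    cursor.execute("SELECT 1 FROM t WHERE x = '" + safe + "'")
'''

SOURCES = {"request.args.get"}   # assumed taint sources (hypothetical)
SINKS = {"cursor.execute"}       # assumed SQL sinks (hypothetical)


def dotted(node):
    """Render a call target such as `a.b.c` as a dotted string, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


class CPG:
    def __init__(self):
        self.nodes = {}                # node id -> ast.AST
        self.edges = defaultdict(set)  # (kind, src id) -> {dst ids}
        self.stmts = []                # ids of statements in function bodies, in order

    def add_node(self, node):
        self.nodes[id(node)] = node
        return id(node)

    def add_edge(self, kind, src, dst):
        self.edges[(kind, src)].add(dst)

    def succ(self, kind, nid):
        return self.edges.get((kind, nid), set())


def build_cpg(source):
    tree = ast.parse(source)
    cpg = CPG()
    # AST layer: every node, plus parent -> child edges.
    for parent in ast.walk(tree):
        pid = cpg.add_node(parent)
        for child in ast.iter_child_nodes(parent):
            cpg.add_edge("AST", pid, cpg.add_node(child))
    # CFG and DDG layers over each function body.
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        last_def, prev = {}, None          # reaching definition per variable name
        for stmt in func.body:
            sid = id(stmt)
            cpg.stmts.append(sid)
            if prev is not None:
                cpg.add_edge("CFG", prev, sid)
            prev = sid
            for sub in ast.walk(stmt):     # each variable read links to its definer
                if (isinstance(sub, ast.Name) and isinstance(sub.ctx, ast.Load)
                        and sub.id in last_def):
                    cpg.add_edge("DDG", sid, last_def[sub.id])
            if isinstance(stmt, ast.Assign):
                for tgt in stmt.targets:
                    if isinstance(tgt, ast.Name):
                        last_def[tgt.id] = sid
    return cpg


def calls(stmt, names):
    """True if the statement contains a call to any of the dotted names."""
    return any(isinstance(n, ast.Call) and dotted(n.func) in names
               for n in ast.walk(stmt))


def find_taint_paths(cpg, sources=SOURCES, sinks=SINKS):
    """Return sorted (sink_line, source_line) pairs: sink statements whose
    inputs transitively data-depend on a statement calling a source."""
    findings = []
    for sid in cpg.stmts:
        if not calls(cpg.nodes[sid], sinks):
            continue
        seen, stack = set(), [sid]
        while stack:                       # backward walk along DDG edges
            cur = stack.pop()
            if cur in seen:
                continue
            seen.add(cur)
            if calls(cpg.nodes[cur], sources):
                findings.append((cpg.nodes[sid].lineno, cpg.nodes[cur].lineno))
            stack.extend(cpg.succ("DDG", cur))
    return sorted(findings)


if __name__ == "__main__":
    for sink_line, src_line in find_taint_paths(build_cpg(SAMPLE)):
        print(f"line {sink_line}: sink input reaches back to a source on line {src_line}")
```

On the constructed sample the query reports only the first `cursor.execute` (its argument flows from `request.args.get` via `user` and `greeting`); the second call, whose input is a constant, is correctly not reported, which is the kind of context that a pattern-matching scanner lacks. A production CPG also handles branches, calls across functions and sanitizers, and any autonomous fix derived from it still has to be checked against the real control and data flow, which is why the validation caveat above matters.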