New research from Apiiro uncovers key trends in AI-powered code creation and application security business risks.
The rise of GenAI code assistants like GitHub Copilot has dramatically increased code creation velocity in the past two years, even as the number of developers has remained steady. However, this acceleration comes with significant security risks: a 3X surge in repositories containing PII and payment data, a 10X increase in APIs missing authorization and input validation, and a growing number of exposed sensitive API endpoints. As AI-generated code scales, so do application security risks, underscoring the need for stronger risk detection and governance.
Gartner’s research supports these findings, highlighting the detrimental effects of traditional manual security and risk management review processes in an era dominated by AI-assisted code generation. These outdated practices are hindering business growth and innovation.

Methodology: The findings are based on aggregated, anonymized, proprietary, first-party data from millions of code lines and dozens of enterprises across financial services, industrial manufacturing, and technology, stored and evaluated leveraging deep code analysis (DCA) by Apiiro, the leading Application Security and ASPM software vendor.
AI code assistants have seen rapid adoption since the launch of ChatGPT in November 2022. Microsoft reports that more than 150 million developers now use GitHub Copilot, up 50% over the past 2 years.
Apiiro’s data further illustrates this acceleration: since Q3 2022, the number of pull requests (PRs) has surged by 70%, far outpacing the 30% growth in repositories and the 20% increase in developers, as shown in the chart below.

This surge in pull requests points to the significant impact of generative AI, enabling developers to produce more code at a faster pace.
However, increased code output comes with risks.
As shown in the chart below, the number of APIs in development that expose sensitive data is rising alongside the growth in repositories.

This puts added pressure on developers, whose numbers aren’t growing as fast as the volume of code and the rise in endpoints exposing sensitive data.
Why is this happening? AI-generated code is speeding up development, but AI assistants lack a full understanding of organizational risk and compliance policies. Without enough personnel for close review, organizations are increasingly exposing more sensitive data.
Apiiro’s Material Code Change Detection Engine, which scans each commit in real time, detected a 3X increase in repositories containing Personally Identifiable Information (PII) and Payment Data since Q2 2023.

This surge aligns with the growing use of generative AI (GenAI) in code generation, which is driving the spread of sensitive data across repositories at an accelerated pace.
But the risks go beyond just PII exposure. Apiiro’s Material Code Change Detection Engine also detected a 10X surge in repositories containing APIs with missing authorization and input validation over the past year.

This trend suggests that the rapid adoption of GenAI-generated code is introducing critical security risks, highlighting the urgent need for proactive risk detection and governance.
Apiiro helps companies realize the benefits of AI-assisted coding while prioritizing, remediating, and preventing the associated risks based on the organization’s risk policy. Apiiro’s platform identifies high-risk code, like that often written by AI assistants, so companies can prioritize review and address any risks that come along with increased developer productivity.
Apiiro is the ASPM platform that empowers you to design, develop, and deliver secure code faster. Companies like Morgan Stanley, Blackrock, Rakuten, SoFi, and Shell rely on Apiiro’s patented technology to automatically discover their software architecture and identify risky changes across all code, supply chain, and infrastructure components – so they can prevent application risk without slowing innovation. The company is backed by Greylock, Kleiner Perkins, and General Catalyst.