Nine in Ten Security Leaders Concerned About AI-Generated Code Risks as Salt Security Launches New Governance Tool

IT Security Guru, Jun 1, 2026

Key Takeaways

  • 90% of security leaders worry about AI‑generated code risks.
  • 67% of firms have widely adopted AI coding assistants.
  • Only 38% rely on manual reviews, deemed unsustainable.
  • Salt Code embeds policy enforcement directly into AI assistants.
  • Larger enterprises report higher governance challenges as AI adoption rises.

Pulse Analysis

AI coding assistants like GitHub Copilot, Claude Code, and Gemini have become mainstream, now responsible for roughly half of all code committed on platforms such as GitHub. Salt Security’s survey of 100 senior security professionals shows that 90% view the rapid rise of machine‑generated code as a security liability, with 29% pinpointing insecure coding patterns and 15% flagging policy drift. The data underscores a growing tension: developers crave speed, while security teams struggle to keep pace with the volume and opacity of AI‑produced snippets.

Traditional security controls—static analysis, manual code reviews, and post‑commit testing—were designed for human‑written code and are proving inadequate. The study reveals that only 38% of organizations still rely primarily on manual reviews, a model that quickly becomes unmanageable as AI output scales. Salt’s new product, Salt Code, tackles this gap by integrating the company’s Posture Governance Engine directly into the AI assistant workflow. Policy packs covering OWASP API Top 10, LLM security, and OpenAPI compliance are applied at the moment a developer prompts the AI, ensuring that insecure patterns are blocked before they enter the codebase.

Analysts predict that governance will become the defining challenge of the next AI‑assisted development wave. By shifting security enforcement upstream, tools like Salt Code promise to reduce “security drift” and align AI output with enterprise compliance frameworks. For large enterprises—especially those with over 500 employees—the ability to standardise policy enforcement across distributed teams could be a decisive competitive advantage, turning a potential liability into a controlled, auditable component of the software supply chain.
