AI-Driven Development Fuels Surge in Open Source Vulnerabilities, Black Duck Finds

AI‑driven development is reshaping how software is built, slashing coding cycles but also inflating the attack surface. As open source components become ubiquitous—appearing in 98% of modern applications—the sheer volume of dependencies multiplies, making it harder for security teams to maintain visibility. The Black Duck report shows a 30% year‑on‑year rise in component counts and a 74% jump in file numbers, underscoring why traditional scanning tools struggle to keep pace with AI‑generated code that can embed hidden flaws.

Beyond technical risk, the legal landscape is tightening. The surge to 68% of codebases with open source license conflicts coincides with emerging regulations such as the EU Cyber Resilience Act, which mandates clear provenance and compliance documentation. AI coding assistants can inadvertently reproduce code under restrictive licenses, creating intellectual‑property uncertainty and potential fines. Enterprises that fail to audit AI‑produced snippets risk not only security breaches but also costly litigation and loss of market trust.

The visibility gap highlighted by the report—17% of components slipping outside standard package managers—demands a modernized governance framework. Implementing robust Software Bills of Materials (SBOMs), continuous AI model monitoring, and comprehensive review processes that cover security, licensing, and quality are now essential. Companies that invest in automated inventory tools and clear AI usage policies will better meet regulatory expectations, protect their brand, and sustain the speed advantages AI offers without compromising resilience.