
58% of Organizations Spend Over 10 Hours a Month Securing AI-Generated Code
Why It Matters
The findings highlight a growing operational burden and risk exposure as AI‑driven development accelerates, forcing firms to allocate significant resources to safeguard their software supply chains and comply with tightening regulations.
Key Takeaways
- 58% of firms spend more than 10 hours per month securing AI‑generated code
- 44% faced incidents stemming from third‑party dependencies
- Only 17% are confident that AI adds no new vulnerabilities
- 53% would struggle to produce full provenance in an audit
- Investments are rising in SCA/SAST, AI/ML Ops, and Internal Developer Portals (IDPs)
Pulse Analysis
The rapid adoption of AI‑generated code is reshaping software development, but it also introduces novel security challenges. Cloudsmith’s latest survey shows a majority of organizations are dedicating substantial time—over ten hours per month—to auditing and securing AI‑produced snippets, with a notable minority spending more than forty hours. Threat actors exploit AI weaknesses through tactics like "slopsquatting," in which package names fabricated by AI coding tools are registered by attackers and filled with malicious code, so that a developer who trusts the generated dependency list pulls the attacker's package into the build. This amplifies the risk of hidden vulnerabilities slipping into production pipelines.
Regulatory scrutiny is intensifying as governments seek to harden the software supply chain. The EU’s Cyber Resilience Act now requires firms to deliver a comprehensive breach assessment within 48 hours, demanding detailed provenance data for every artifact. Similar pressures arise from NIS2 and FedRAMP mandates, pushing organizations to demonstrate robust controls over third‑party components. Yet the report indicates that 53% of respondents would struggle to compile a full inventory of artifact versions and origins without extensive manual effort, exposing a critical compliance gap.
In response, enterprises are reallocating budgets toward more sophisticated security tooling. Investment in Software Composition Analysis (SCA) and Static Application Security Testing (SAST) tops the list, alongside AI/ML Ops infrastructure that can automate code review and dependency tracking. Internal Developer Portals are also gaining traction, centralizing governance and streamlining provenance reporting. These strategic moves aim to reduce the manual overhead of securing AI code, mitigate supply‑chain attacks, and meet emerging regulatory deadlines, positioning firms to reap AI’s productivity benefits without compromising security.