Organizations are pushing AI-generated code into production faster than teams can police the results, according to a Flux survey of more than 300 engineering leaders conducted by Dimensional Research. The findings uncover fertile ground for Flux, an engineering-intelligence startup that received $5 million in venture funding last month, and for partners that can help businesses address security lapses.
AI code is proliferating, regardless of the dangers, the report found. Roughly 45% of respondents said their organization had AI-generated code in production and 35% had AI coding assistants on projects that have yet to ship. Security issues presented the biggest challenge for engineering teams, ahead of dependency and performance changes.
AI governance issues are an expanding services opportunity for channel partners. Organizations need help tracking AI-written code, assessing potential risks and upgrading existing security controls.
“Engineering leaders are being asked to embrace AI while simultaneously justifying the expense and mitigating the risk, typically with the same tools they used before AI wrote any code,” Ted Julian, CEO and founder of Flux, said in a Tuesday press release. “You can't bolt AI-speed development onto a human-speed view of the codebase and stay in control.”
AI has driven most organizations to rework engineering processes. Four in 5 respondents reported changes to software development and release workflows.
Yet, some of the highest-risk changes remain the most difficult to see.
For managed IT and security services partners, there’s now an opportunity to help their clients nail down AI coding security before productivity gains lead to incident response work.
Flux identifies several additional weaknesses in AI coding workflows. Only 3.6% of respondents said AI-introduced issues never reach production and nearly one-third acknowledged that oversights happen occasionally.
Organizations are aware of the risks. Nearly half had purchased code quality analysis tools and more than two-thirds used automated code review, Flux found.
Tooling, however, does not address the process issues. While more than half of respondents said their organization had AI coding guidelines, 49% required further training, and roughly 40% planned to assign additional developers to code reviews. The fallout has left leaders to grapple with basic questions about AI coding, including which repositories are most exposed and when changes require human signoff.
The partner opportunity extends beyond engineering. Security stakeholders were the most likely to have concerns about AI-generated code, followed by compliance teams, CTOs and CIOs.
AI code controls can be framed as an engineering modernization project, a security program, a compliance readiness effort or a risk-management priority, depending on a customer’s needs.
“Many teams still measure success by how much code they ship,” Aaron Beals, CTO of Flux, said in the release. “Instead, they must treat shipping AI-generated code as a risk decision, scaling review to match AI outputs, investing in safeguards, using code-first visibility to surface risky changes and hotspots, and keeping humans in the loop on key decisions.”