AI coding is making security teams slower, not faster
May 28, 2026

ProjectDiscovery surveyed 200 security practitioners: AI is speeding up software delivery, but only 38 percent of security teams say they are comfortably keeping up.
What this is about
ProjectDiscovery commissioned a blind survey in March 2026 of 200 cybersecurity practitioners in North America and Western Europe. Every respondent works at a mid-to-large enterprise and uses AI-assisted coding in some form. The result is uncomfortably concrete: engineering is shipping faster, while security still has to validate much of the extra code by hand.
This is not an abstract warning about AI-written code. It describes an operational problem inside real software teams: larger pull requests, more machine-generated diffs, and security teams that must collect evidence before developers prioritize findings.
What the study actually shows
According to ProjectDiscovery, 100 percent of respondents said engineering teams shipped faster over the past twelve months. 49 percent credited most or all of that acceleration to AI-assisted coding. At the same time, only 38 percent of security teams said they were comfortably keeping up with the new code volume.
The risk categories matter: secrets exposure was cited by 78 percent, insecure dependencies and supply-chain risk by 73 percent, and business-logic vulnerabilities by 72 percent. Reduced review quality and injection-class vulnerabilities each came in at 66 percent. None of these can be cleared by pattern matching alone. A regex can flag a string that looks like a credential or a manifest that pulls in a risky package, but it cannot tell whether the credential is live, whether the package is reachable from an exploitable path, or whether a business rule is actually bypassable. That judgement is the manual work the rest of the survey describes.
Why it matters
For real companies, this is not a tooling debate but a throughput problem. If AI produces more code, verified software quality does not automatically rise with it. Security teams still have to reproduce findings, understand context, and convince developers to act. ProjectDiscovery says 66 percent of respondents spend more than half their working week on manual validation and reproduction.
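To show why a pattern match produces a queue rather than an answer, and where the manual validation time goes, the Python below is an added example written for this page; it is not a ProjectDiscovery tool and nothing from the survey. It runs a regex for secret-like assignments over a constructed unified diff, then applies the context checks a reviewer would otherwise do by hand: is the value read from the environment rather than hard-coded, is it an obvious placeholder, how much entropy does it carry, and does it live under a test path. The diff, the identifier names, the thresholds (16 characters, 3.5 bits per character), and the verdict labels are all assumptions made for the example, and the key-like strings are invented and correspond to no real credential.

```python
"""Secret-candidate triage over the added lines of a pull-request diff.

Stage 1 is the "simple pattern match": it yields candidates. Stage 2 adds the
context that removes the candidates nobody should have to reproduce by hand,
leaving only the ones that cost a human's time. Thresholds and labels are
assumptions for this example, not an industry standard.
"""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample diff. Every key-like string is made up for this example.
SAMPLE_DIFF = """\
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
+AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY000000"
+AWS_SECRET_ACCESS_KEY = "Q7fP2mX9sL4vR8bT1wK6nZ3hY0jC5dG2uE9aV4x"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
+API_KEY = "<your-api-key-here>"
diff --git a/tests/fixtures/auth.py b/tests/fixtures/auth.py
--- a/tests/fixtures/auth.py
+++ b/tests/fixtures/auth.py
+token = "xxxxxxxxxxxxxxxxxxxxxxxx"
+github_token = "ghp_Tz8kQ2vN5mR9xL3bW7yH1sF4dJ6gC0pE8uA2nK5"
"""

# Stage 1: an added line assigning to an identifier that smells like a secret.
ASSIGNMENT_RE = re.compile(
    r"^\+(?!\+\+)\s*(?P<name>[\w.]*?(?:secret|password|passwd|token|api_key|access_key|key)\w*)"
    r"\s*[:=]\s*(?P<value>.+?)\s*,?\s*$",
    re.IGNORECASE,
)
FILE_HEADER_RE = re.compile(r"^\+\+\+ b/(?P<path>\S+)")
QUOTED_RE = re.compile(r"""^["']([^"']*)["']$""")

# Stage 2: context checks. These are the assumptions of the example.
INDIRECTION_RE = re.compile(r"environ|getenv|vault|secretsmanager|keyring", re.IGNORECASE)
PLACEHOLDER_RE = re.compile(r"example|changeme|your[-_ ]|<[^>]+>|placeholder|\bdummy\b", re.IGNORECASE)
TEST_PATH_RE = re.compile(r"(^|/)(tests?|fixtures?|spec|mocks?)/", re.IGNORECASE)
MIN_LITERAL_LEN = 16     # shorter literals are rarely machine-issued credentials
MIN_ENTROPY_BITS = 3.5   # bits per character; tune against your own false-positive rate


@dataclass
class Candidate:
    path: str
    name: str
    verdict: str
    entropy: float
    redacted: str  # never carry the full literal into tickets or logs


def shannon_entropy(s: str) -> float:
    """Bits per character of the literal's character distribution."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def classify(path: str, raw_value: str) -> tuple[str, float, str]:
    """Turn a matched right-hand side into a verdict, its entropy, and a redacted preview."""
    value = raw_value.strip()
    if INDIRECTION_RE.search(value):
        return "env_lookup", 0.0, ""          # reads a secret store; no literal to leak
    m = QUOTED_RE.match(value)
    if not m:
        return "not_literal", 0.0, ""         # a call or expression; static triage cannot judge it
    literal = m.group(1)
    redacted = literal[:4] + "…" if len(literal) > 4 else "…"
    if PLACEHOLDER_RE.search(literal) or len(literal) < MIN_LITERAL_LEN:
        return "placeholder", shannon_entropy(literal), redacted
    h = shannon_entropy(literal)
    if h < MIN_ENTROPY_BITS:
        return "low_entropy", h, redacted
    if TEST_PATH_RE.search(path):
        return "test_fixture", h, redacted    # still worth a look, but not the first one
    return "needs_validation", h, redacted    # the only bucket that costs a human's time


def triage(diff_text: str) -> list[Candidate]:
    """Run the pattern match, then the context checks, over the added lines of a unified diff."""
    findings: list[Candidate] = []
    current_path = "<unknown>"
    for line in diff_text.splitlines():
        header = FILE_HEADER_RE.match(line)
        if header:
            current_path = header.group("path")
            continue
        m = ASSIGNMENT_RE.match(line)
        if not m:
            continue
        verdict, entropy, redacted = classify(current_path, m.group("value"))
        findings.append(Candidate(current_path, m.group("name"), verdict, entropy, redacted))
    return findings


def summarize(findings: list[Candidate]) -> dict[str, int]:
    """Counts per verdict: the size of the queue a human actually has to clear."""
    return dict(Counter(f.verdict for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_DIFF)
    for f in results:
        print(f"{f.verdict:17} {f.path}: {f.name} (entropy {f.entropy:.2f}, value {f.redacted})")
    print(summarize(results))
```

On the constructed diff, the regex alone returns six candidates; the context checks leave one in `needs_validation` and one in `test_fixture`, with the other four dismissed without anyone opening the file. The remaining two are exactly the cases the survey says still need a person: checking whether the literal is a live credential and whether the fixture key is a real one that was pasted in.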
That fits broader market signals. Gartner expects 70 percent of professional developers to use AI coding assistants by 2027. Stack Overflow reported in 2024 that more than three quarters of developers already use or plan to use AI tools. Adoption is no longer marginal.
In plain language
Imagine a bakery that can suddenly bake twice as many loaves because a machine prepares the dough. That sounds good until quality control is still one person with a knife and a scale. More loaves do not automatically mean more sellable loaves; they mean more inspection before delivery.
AI-assisted coding works in a similar way. It can add speed, but if security, testing, and architecture review do not scale with it, the work simply moves later in the process.
A practical example
A SaaS team uses coding assistants and moves from 75 pull requests per week to 120. Twenty of those changes touch authentication, file uploads, or payment logic. The SAST scanner reports 300 findings, of which only 25 are truly critical. If the security team spends 15 minutes per finding on reproduction and context, that is 75 working hours (300 findings at 15 minutes each) before a single fix is prioritized. Had the 25 critical findings been identifiable up front, the same validation would take just over six hours.
The real leverage is not writing even more code faster. The leverage is evidence: which flaw is exploitable, in which flow, with which user permission, and with what impact?
Scope and limits
- The survey covers 200 practitioners. That is useful, but not a complete view of every industry and company size.
- ProjectDiscovery is itself a security tooling vendor. The figures are relevant, but should be read in that commercial context.
- AI-assisted coding is not automatically unsafe. The risk appears when review, tests, secrets handling, and dependency governance fail to scale.
💡 In plain English
AI helps teams write code faster. The study shows the other side: security teams must manually validate many more findings before anything gets fixed.
Key Takeaways
- 100 percent of respondents see engineering teams shipping faster.
- Only 38 percent of security teams say they are comfortably keeping up with code volume.
- Secrets, insecure dependencies, and business-logic flaws are the leading risk categories.
- 66 percent of respondents spend more than half their week on manual validation.
- The bottleneck is moving from code generation to provable security assessment.
FAQ
Is AI-written code automatically unsafe?
No. The risk rises mainly when review, testing, and security validation do not scale with the higher code volume.
What is the main bottleneck?
According to the survey, manual validation: security teams must prove which findings are actually exploitable.
Who should care?
Software teams using coding assistants in production while still needing to meet regulatory or customer security expectations.