Nearly all firms admit they have shipped code they know is vulnerable
- Checkmarx research found 75% of organizations knowingly ship vulnerable code
- The time‑to‑exploit window is expected to shrink to just one minute, raising urgent risks for some sectors
- Vibe‑coded apps built entirely via AI chat are compounding exposure
Artificial Intelligence (AI) has made it unaffordable for organizations to ship code they already know is vulnerable, but they seem to be doing so anyway, new research has claimed.
Security experts Checkmarx found shipping vulnerable code became “standard operating behavior”, with 75% of organizations admitting they often or sometimes deploy code they already know is vulnerable.
It is hinted in the announcement that companies were making somewhat calculated risks: less than a decade ago (in 2018), the average time to exploit a software vulnerability was 840 days. That was more than enough time to ship a product, get it running, and then sort out the kinks along the way.
AI ex machina
However, AI tools have completely flipped the script – with the report arguing today, it takes less than two days to exploit a vulnerability, and that in less than two years, the time-to-exploit window will shrink even further, down to just one minute.
Checkmarx says this warning will be “particularly relevant” for healthcare, given the fact that hospitals and health systems are already facing escalating ransomware attacks, third-party software risk, and growing regulatory pressure, especially in the aftermath of the Change Healthcare incident.
Vibe-coded apps (solutions built entirely by chatting with an AI, without manual review of the code) will only compound the problem, it seems. Recent Wired research suggested that plenty of vibe-coded web apps were being pushed live with “weak or nonexistent auth, exposed data, and basic security flaws.”
The report, which was released earlier this month, claims that the researchers found more than 5,000 apps that were exposing corporate or personal data on the open web. It included medical data, financial information, internal corporate data, as well as customer chats.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
#Cybersecurity #VulnerableCode #AI #TechNews #SoftwareSecurity #Checkmarx #AppSecurity #Ransomware #DataProtection #ExploitPrevention #HealthcareSecurity #VibeCoding #SecureCoding #DevOps #SecurityAwareness #InfoSec #TechTrends #DigitalSafety
#firms #admit #shipped #code #vulnerable
Visit: Source link