- Checkmarx says 75% of companies knowingly release vulnerable code into production.
- AI-generated development is shrinking vulnerability exploitation time from days to potentially one minute.
- Vibe-coded applications are exposing sensitive data due to weak security practices.
- Healthcare and other critical sectors face growing risks from insecure AI-driven software.
Artificial intelligence is changing software development at a pace few industries can keep up with. Code that once took teams weeks to build can now be generated in minutes with AI assistants and chatbot-driven programming tools. But while productivity is soaring, security teams are struggling to contain the fallout.
A new report from Checkmarx reveals a troubling reality across the software industry. Many organizations are knowingly releasing vulnerable applications into production because fixing security flaws can no longer keep up with modern development speed. What was once considered a dangerous exception is rapidly becoming routine business practice.
The findings paint a picture of an industry caught between pressure to ship faster and the growing inability to secure what it builds.
Companies Are Shipping Vulnerable Code on Purpose
According to the research, 75% of organizations admitted they often or sometimes deploy applications despite knowing the code contains security weaknesses. For many security professionals, that number confirms what has quietly become standard behavior across development teams.
The logic behind the decision is not entirely reckless. Years ago, businesses had a significant buffer between the discovery of a vulnerability and its real-world exploitation. In 2018, attackers reportedly took an average of 840 days to weaponize newly discovered flaws. That gave developers time to patch issues after launch without facing immediate consequences.
That safety window has now collapsed.
Researchers warn that vulnerabilities today can be exploited in less than two days. Even more concerning is the prediction that within the next two years, attackers could move from discovery to exploitation in as little as one minute.
For organizations running large software ecosystems, that kind of timeline changes everything. Security teams no longer have the luxury of delayed remediation cycles or patch management plans spread across weeks or months. By the time a vulnerability is identified internally, attackers may already be exploiting it in the wild.
AI Coding Tools Are Accelerating the Problem
The rapid adoption of AI-generated code is a major reason security teams are losing ground.
Modern AI coding assistants can produce working applications almost instantly, helping developers automate repetitive tasks and accelerate product delivery. But these systems are also generating insecure code patterns at scale. Developers are increasingly relying on outputs they may not fully understand, especially when deadlines are tight.
This becomes even more dangerous with the rise of so-called vibe coding, in which applications are built almost entirely through conversations with AI chatbots, often with little or no manual code review involved.
Security researchers have repeatedly warned that many vibe-coded applications contain glaring weaknesses. Common problems include poor authentication systems, exposed databases, insecure APIs, and misconfigured cloud services. In many cases, applications are being pushed live before anyone performs a serious security assessment.
Recent findings highlighted by Wired reportedly uncovered more than 5,000 publicly exposed applications leaking sensitive information online. The exposed data allegedly included medical records, financial details, customer conversations, and internal corporate information.
That level of exposure shows how quickly convenience can turn into liability when development speed overtakes security discipline.
Healthcare and Critical Industries Face Growing Pressure
The report specifically points to healthcare as one of the sectors facing the highest level of risk.
Hospitals and healthcare providers already deal with constant ransomware attacks, aging infrastructure, and mounting regulatory scrutiny. Many organizations also rely heavily on third-party software vendors, creating additional supply chain vulnerabilities.
The aftermath of the Change Healthcare cyberattack has only intensified concerns around operational resilience and software security across the healthcare sector. As AI-generated development becomes more common, the possibility of insecure applications entering critical systems is becoming harder to ignore.
For industries handling highly sensitive data, even a short vulnerability exposure window can lead to catastrophic consequences.
Security Teams Are Falling Behind the Speed of AI
The broader issue is not simply that AI can generate flawed code. The real challenge is that human remediation processes are still operating at traditional speed while attackers and developers now move at machine pace.
Security scanning tools can detect vulnerabilities faster than ever before, but detection alone is no longer enough. Many organizations lack the resources, staffing, or development cycles needed to fix issues before software reaches production.
As a result, businesses are increasingly making calculated risk decisions. Instead of delaying launches, they release applications with known flaws and hope patches arrive before attackers do.
That strategy becomes far more dangerous in a world where exploit development may soon happen almost instantly.
The industry now faces a difficult balancing act. AI-powered development is delivering undeniable productivity gains, but without stronger oversight, secure coding practices, and automated remediation systems, the same technology could fuel an unprecedented wave of software vulnerabilities.
For many organizations, the question is no longer whether insecure AI-generated code exists. The question is whether current security models can survive the speed at which AI is reshaping software development.
