Over 80 percent of application security professionals admitted to knowingly deploying vulnerable software, driven not by ignorance, but by deadlines, pressure, and a lack of viable alternatives, recent research shows.
A survey of over 1,500 application security professionals, conducted by Censuswide for Checkmarx, reveals an alarming contradiction: while nearly every organization knows it is exposed, most continue to release vulnerable code with eyes wide open (Checkmarx, 2025).
Put another way, most organizations are aware they’re deploying flawed software, yet they proceed regardless, because the architecture of modern software delivery is optimized for shipping features, not for preventing fallout. Eran Kinsbruner, portfolio marketing VP at Checkmarx, points to AI, telling Infosecurity Magazine that “AI-generated code will continue to proliferate; secure software will be the competitive differentiator in the coming years” (Infosecurity Magazine, 2025).
And for a growing number of teams, this isn’t a one-off event: 27 percent have been breached four or more times due to known code flaws. The question is no longer whether the next breach will happen, but which known flaw is already live and quietly exploitable. The industry, it appears, has normalized failure by design.
Business logic flaws. API misconfigurations. Privileged misuse. Supply chain attacks. The sources of risk are multiplying, but our ability to detect and resolve them is not. Add to this the fact that 35 percent of respondents expect a software supply chain compromise in the next 18 months. Not “fear,” but “expect.” Yet few organizations have sufficient observability into their dependencies or the tooling to detect tampering before it metastasizes downstream. We are building complex, interconnected systems on foundations we neither own nor control, and doing so at unprecedented speed.
Artificial intelligence promises acceleration, productivity, and code generation at scale. But what happens when that scale comes without scrutiny?
This is likely pouring gasoline on an already unstable fire. A third of developers surveyed say over 60 percent of their current codebase is AI-generated, yet fewer than 20 percent have formal approval to use those tools. Those same developers are overwhelmed by alerts; without triage or context, they can’t distinguish critical flaws from noise. The models behind this surge of automated output are trained on flawed open-source repositories. We are scaling code reuse without scaling review, and we are embedding flawed logic into the core of our systems at unprecedented speed.
Development teams are rewarded for speed, but penalized (if at all) only after failure. Until that changes, secure code will remain a secondary concern: one more task on a growing list that gets deprioritized when the feature backlog grows or launch dates loom.
The most dangerous line in software today is: “We’ll patch it later.” That assumption, rooted in the myth of post-production remediation, is costing organizations millions, fracturing user trust, and eroding the viability of fast-paced innovation itself.