The software development industry is facing a pivotal moment, with new data revealing both significant productivity enhancements and severe security challenges stemming from artificial intelligence. Consulting firm Ernst & Young (EY) announced it achieved a four to five-fold increase in coding productivity by connecting AI agents to its internal engineering standards, code repositories, and compliance frameworks According to Stephen Newman, EY's Global CTO Engineering Leader, these gains were not immediate, requiring an 18-to-24-month period to build the necessary technical and cultural foundations. This approach ensures the AI generates code that is "integratable" and "compliant," preventing the creation of cleanup work that could offset initial speed advantages
Contrasting with these efficiency gains, Veracode's annual State of Software Security report issues a stark warning about the risks of rapid, AI-assisted development. The report, which analyzed 1.6 million applications, found that more vulnerabilities are being created than fixed, making comprehensive security "unattainable" It highlights a rise in "security debt," defined as known vulnerabilities left unresolved for over a year, which now affects 82% of companies, up from 74% the previous year. The study also noted an increase in high-risk vulnerabilities from 8.3% to 11.3%, underscoring the growing security gap as development velocity increases
Mohsin Rana
