International Cyber Expo International Cyber Expo
  • About Us
Tuesday, 14 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

AI-Driven Development Fuels Surge in Open Source Vulnerabilities, Black Duck Finds

by Guru Writer
February 26, 2026
in Featured
AI-Driven Development Fuels Surge in Open Source Vulnerabilities, Black Duck Finds
Share on FacebookShare on Twitter

A sharp rise in AI-assisted software development is driving unprecedented increases in open source security and licensing risk, according to new research from Black Duck.

The company’s 2026 Open Source Security and Risk Analysis (OSSRA) report reveals that vulnerabilities in commercial software codebases have more than doubled year-on-year, highlighting growing concerns that organisations are producing software faster than they can effectively secure or govern it.

Based on an analysis of 947 commercial codebases spanning 17 industries, the report paints a picture of a rapidly expanding software attack surface driven by the widespread adoption of open source components and AI-generated code.

Vulnerabilities reach historic levels

The research found that the average number of open source vulnerabilities per application increased by 107%, reaching 581 per codebase, while 87% of audited applications contained at least one known vulnerability. Open source software is now effectively universal, appearing in 98% of codebases, meaning almost every modern application inherits third-party risk.

At the same time, software complexity continues to grow rapidly. Open source component counts rose by 30% year-on-year, while the number of files in codebases increased by 74%, further complicating visibility and risk management efforts. According to Black Duck, the increasing use of AI models in development environments is introducing a new and largely unregulated attack surface.

AI is accelerating legal and compliance exposure

Beyond security concerns, the report highlights mounting legal and licensing risks linked to AI-generated code. Two-thirds (68%) of audited codebases were found to contain open source licence conflicts, the highest rate recorded in the history of the OSSRA study, and a significant increase from the previous year.

AI coding tools may reproduce code governed by restrictive licences, creating intellectual property uncertainty and compliance challenges for organisations operating under emerging regulations such as the EU Cyber Resilience Act.

Despite widespread adoption of AI development tools, governance practices appear to lag behind usage. While most organisations assess AI-generated code for security risks, only 24% conduct comprehensive reviews that cover security, licensing, intellectual property, and quality considerations.

Visibility gap creates growing risk

The report also identifies a widening visibility gap across modern software supply chains. Around 17% of open source components enter applications outside standard package managers, including copied code snippets, vendor dependencies, binaries, and AI-generated outputs, making them difficult to detect with traditional scanning methods.

Jason Schmitt, CEO of Black Duck, said the findings demonstrate how fundamentally AI has reshaped software risk.

“AI has fundamentally changed the economics of software development — and with it, the economics of software risk. The pace at which software is created now exceeds the pace at which most organisations can secure it,” he said .

Governance struggles to keep pace

The OSSRA report concludes that organisations must modernise software supply chain governance to maintain visibility into open source components and embedded AI models. Without improved inventory tracking, software bills of materials (SBOMs), and AI governance policies, enterprises may struggle to meet rising regulatory expectations and customer demands for transparency. As AI-assisted development becomes inseparable from modern software creation, the research suggests that visibility, rather than speed alone, will increasingly determine organisational resilience and trust.

ShareTweet
Previous Post

SMBs Struggle to Translate Cybersecurity Investment into Real-World Resilience, Study Finds

Next Post

Forescout and Netskope Deliver Universal Zero Trust Integration Across Managed and Unmanaged Devices

Recent News

Q&A: Cyber’s Headed Back to the CSIDES

Q&A: Cyber’s Headed Back to the CSIDES

July 13, 2026

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts, Check Point Research Reveals

July 13, 2026
Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol