Codebase is now mostly AI-generated

New research from Cloudsmith found 42% of developers using AI in their workflows say at least half of their current codebase is now AI-generated. Yet only 67% of those developers review this code before every deployment, despite the rise of AI-specific exploits like ‘slopsquatting,’ where attackers weaponize hallucinated package names suggested by coding assistants.

The findings, released today in the Cloudsmith 2025 Artifact Management Report, highlight a widening gap between AI adoption in software development and oversight of the associated risks. 20% of developers said they trust AI-generated code “completely”. While 59% apply additional scrutiny to AI-generated packages, only 34% use tools that enforce policies specific to AI-generated artifacts, and 17% report having no such controls in place at all. 

 

“Software development teams are shipping faster, with more AI-generated code and AI agent-led updates,” said Glenn Weinstein, CEO at Cloudsmith. “AI tools have had a huge impact on developer productivity, which is great. That said, with potentially less human scrutiny on generated code, it’s more important that leaders ensure the right automated controls are in place for the software supply chain.”

 

The report also found that 86% of developers have seen an increase in use of AI-influenced packages or dependencies over the past year, with 40% calling that increase “significant”. Despite this, only 29% of respondents felt “very confident” in their ability to detect vulnerabilities within open-source libraries, where AI tooling is likely to draw suggestions.

 

“Controlling the software supply chain is the first step towards securing it,” added Weinstein. “Automated checks and use of curated artifact repositories can help developers spot issues early in the development lifecycle.”

Arctera unveils updates to help organisations manage AI compliance risks through capture,...
Parallel Works introduces its ACTIVATE AI Partner Ecosystem, enhancing AI infrastructure with...
Korean researchers develop a cutting-edge NPU core enhancing generative AI performance by over 60%...
As AI adoption lags among UK SMEs, potential risks emerge. How can small businesses overcome...
Palo Alto Networks enhances its AI security portfolio by acquiring Protect AI, aiming to secure the...
Commvault plans to acquire Satori Cyber Ltd to bolster its data security and AI governance...
OutSystems launches the Early Access Program for Agent Workbench, designed to streamline AI-driven...
Survey data reveals AI's role as an assistive tool in cybersecurity, highlighting potential areas...