An IDC Analyst Brief commissioned by ActiveState, "Securing Open Source at Scale," finds that roughly 97% of organizations use AI coding assistants in some form within their daily development workflows, warning that this has become a new open source (OSS) intake channel most governance programs never accounted for.
IDC Analyst Brief · Software Supply Chain
AI Coding Assistants Are the New Open Source Intake Channel — and Governance Can't Keep Up
Nearly all organizations now run AI assistants in daily developer workflows, pulling in open source dependencies faster than any manual review or periodic scan can track.
~97%
of organizations use AI coding assistants in daily workflows
~40%
of AI-generated code is accepted with little or no modification
100%
of surveyed codebases contain AI-generated code
Adoption vs. Oversight
Share of organizations using AI assistants — against the security teams that can actually see what's being pulled in.
~97%
Use AI coding assistants
~19%
Security teams with full visibility
How AI Bypasses Traditional Governance
AI assistant suggests open source component
→
Developer accepts ~40% with no change
→
Dependency enters codebase
→
Manual review & periodic scans left behind
Valued
Productivity gains and automation of routine tasks
Help understanding opaque modules and refactoring
Concern
Verbose "AI slop" sharply raises review burden
Unverified components widen supply chain risk
"Slopsquatting" exploits lookalike package names
The Stakes
With SolarWinds, Log4Shell and xz Utils still fresh, AI-driven dependency intake multiplies the surface for vulnerabilities, malware injection and license violations.
Confirmed cases include malicious code reaching production via AI assistants and extension-based attacks targeting Cursor and Windsurf — pushing vendors toward curated catalogs, full transitive-dependency evaluation and automated provenance for the AI era.
Continue reading The rest of this article is for AI News Blitz readers. Choose an option below to keep reading.
Already purchased? Sign in ✓ Signed in — this article isn’t included in your current plan.Unlocking the full article…