
AI-Generated Code: A Double-Edged Sword for Developers

If you think AI-generated code is saving time and boosting productivity, you’re right. But here’s the problem: it’s also introducing security vulnerabilities at an alarming rate. Our latest research reveals that 45% of AI-generated code contains security flaws, turning what should be a productivity breakthrough into a potential security nightmare.

The Hidden Risks in Your Software Supply Chain: What You Need to Know in 2025 and Beyond

Modern software development thrives on speed and innovation, fueled by open-source libraries and third-party components. These resources are essential; they accelerate development cycles, reduce costs, and enable teams to bring complex projects to life. But with great reliance comes great risk. The software supply chain is under attack, and vulnerabilities hidden within can create massive security, operational, and compliance challenges.

Beyond the Hype: The Veracode AI-Advantage in Application Security

For years, the cybersecurity industry has hyped AI as a game-changer, but what vendors often delivered was basic machine learning or simple predefined rules. The rise of ChatGPT and similar tools dramatically reshaped the landscape, prompting vendors to hastily identify real AI use cases in their offerings.

From Code Commit to Secure Deploy: SCM Code Scanning Best Practices with Veracode

In today’s fast-moving world of cloud-native development and CI/CD pipelines, code flows from commit to production faster than ever. And with that speed comes risk. That’s why code scanning in SCM (Source Code Management) has become a critical part of modern DevSecOps. Veracode’s new SCM Integration makes it easy to secure applications from the very first commit, directly within the SCM, without disrupting developer workflows.

Software Supply Chain Attacks in 2025: What We Learned from Gartner

Download the Gartner 2025 Market Guide for Software Supply Chain Security (SSCS) to learn how to protect your organization. Software supply chain attacks are a top threat to enterprises worldwide. These sophisticated attacks target everything from open-source components and third-party APIs to critical DevOps toolchains. If you’re building software, your supply chain is a prime target.

One Plugin, Four IDEs: Building a Consistent Security Experience Across Developer Tools

If you regularly work across IDEs, you’ve probably noticed how security tools often behave inconsistently. One plugin might work well in VS Code but feel clunky in PyCharm or Visual Studio. We set out to change that. The Veracode Scan plugin delivers a consistent, reliable experience across VS Code, JetBrains IDEs, Eclipse, and Visual Studio — helping developers focus on writing secure code, not troubleshooting plugins.

Veracode AI Code Secure: Real-Time Supply Chain Security for AI Development

Veracode AI Code Secure for Software Supply Chain is a real-time AI code purifier delivering curated insights on vulnerabilities, malware, and licensing to OEMs. By integrating directly into AI coding workflows, AI Code Secure closes critical security gaps left by outdated or incomplete LLM training data.

The AI-Native Era is Here: What this Gartner Innovation Insight Means for Your Software Security

A new era of software engineering is emerging, with artificial intelligence (AI) at the forefront. As the 2025 Gartner Innovation Insight for AI-Native Software Engineering report states: “AI-native software engineering will require software engineering leaders to mitigate new risks and tackle new challenges.” Here are the key insights and perspectives that will help you navigate the new normal.

Securing the Digital Frontier: Key Themes from Black Hat USA 2025

Another year, another Black Hat USA. And what a show it was as thousands descended on the Entertainment Capital of the World. The conference returned to the Mandalay Bay Convention Center in Las Vegas with a packed six-day program, kicking off with four days of specialized cybersecurity trainings, followed by the main expo on August 6-7.

Using Mean Time to Resolve (MTTR) Effectively Across Static and SCA Findings

Customers who have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity to introduce gamification or incentives.