Black Duck Study Highlights AI Coding Security Governance Gap
by: PR Newswire | June 10, 2026

Black Duck has released its latest research, The State of AI-Powered Software Development, highlighting a growing tension in enterprise engineering: AI coding assistants are significantly improving productivity, but they are also introducing new governance gaps and security risks across the software development lifecycle.

The study shows that while AI tools are now nearly universally adopted in enterprise environments, organizations are struggling to implement the security, review, and governance frameworks required to manage AI-generated code at scale.

Quick Intel

  • 97% of enterprise developers now use AI coding assistants.
  • 68% say automated governance for AI-generated code is critical.
  • Only 30% of teams have full AI code governance in place.
  • 92% report productivity improvements from AI tools.
  • Nearly 90% encounter issues with AI-generated code.
  • 64% express concern about AI introducing security vulnerabilities.

AI Coding Tools Drive Productivity Surge Across Development Teams

The report finds that AI-powered coding assistants have become standard practice across enterprise software engineering teams, with nearly all surveyed organizations adopting them in some capacity. Developers report significant gains in productivity and release velocity, with many reclaiming substantial time previously spent on manual coding tasks.

According to the study, more than half of respondents have increased total code output by over 25%, signaling a major acceleration in software development throughput driven by AI assistance.

However, this productivity gain is shifting effort rather than eliminating it, with developers spending more time on review, testing, and remediation activities downstream in the development lifecycle.

Governance Gap Emerges as Key Operational Risk

One of the most significant findings in the report is the widening gap between AI adoption and governance readiness. While most organizations have rapidly integrated AI coding tools into development workflows, formal oversight mechanisms have not kept pace.

Two-thirds of developers say automated tracking and governance of AI-generated code is essential for debugging, security, and accountability. Yet only 30% of teams currently have comprehensive governance systems in place.

The report also finds that organizations with strong governance frameworks are 55% more likely to report major efficiency improvements, positioning governance not as a compliance requirement but as a direct performance driver.

Security Risks Increase Alongside AI Adoption

As AI-generated code volume increases, security concerns are rising across development teams. Nearly 90% of respondents report encountering issues with AI-generated code, particularly in areas such as manual code review, security testing, and rework.

A majority of developers (64%) express moderate to high concern that AI coding assistants may introduce vulnerabilities or security defects into production systems. This concern is especially pronounced among heavy AI users, suggesting that exposure to AI-generated code increases awareness of potential risks.

The study also highlights that manual security processes are struggling to scale alongside accelerated code generation, expanding the potential attack surface in enterprise applications.

Human and AI Collaboration Defines the Future SDLC

Despite growing automation, developers continue to emphasize the importance of human oversight in the software development lifecycle. A large majority of respondents prefer maintaining human-in-the-loop workflows through mechanisms such as pull requests and real-time code suggestions.

At the same time, there is strong support for AI-based code review systems, with 86% of developers believing AI agents should evaluate AI-generated code. Many favor a hybrid approach combining dedicated AI security agents with human review to ensure both speed and accuracy.

This reflects an emerging model of the SDLC where AI handles generation tasks while humans and specialized agents focus on validation, architecture, and risk management.

Developer Roles Shift Toward Review and Architecture

The report also indicates a structural shift in developer responsibilities. As AI assumes a larger share of code generation, developers are expected to spend more time in higher-order functions such as system design, security validation, and reviewing AI-generated output.

Key areas of increased focus include code validation, architecture design, and security oversight. This evolution signals a transition toward an AI-augmented development model where human expertise is increasingly applied to oversight and decision-making rather than manual coding.

Governance as the Defining Factor in AI-Driven Development

Jason Schmitt, CEO of Black Duck, emphasized that while AI has fundamentally transformed software development productivity, the lack of governance could undermine its long-term benefits.

"AI coding assistants have permanently changed the economics of software development, and the productivity numbers make that undeniable," said Jason Schmitt, CEO at Black Duck. "But the data also clearly shows that speed without governance is a liability, not an advantage. As AI-generated code volume and expectations increase, the winners with AI are the ones building automated security and governance guardrails that scale alongside their development velocity."


About the Research

Black Duck partnered with independent research firm UserEvidence to survey 831 enterprise software engineers and DevOps professionals at organizations with 500+ employees. The study was conducted in March 2026 across a range of industries, with a majority representing technology and SaaS organizations.


About Black Duck

Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence.
