Build Fast, Stay Secure: Guardrails for AI Coding Assistants

AI coding assistants like GitHub Copilot and Google Gemini Code Assist are changing how developers work — accelerating delivery, removing repetition, and giving teams back time to build. But speed isn’t free. Studies show that around 27% of AI-generated code contains vulnerabilities, not because the tools are broken, but because they generate code faster than most teams can review it. The result? A growing wave of insecure code is making it into production.

Finding Software Flaws Early in the Development Process Provides Clear ROI

Organizations spend enormous effort fixing software vulnerabilities that make their way into their public-facing applications. The Consortium for Information and Software Quality estimated that the cost of poor software quality in the United States reached $2.41 trillion in 2022, a number sure to be much higher today. That’s nearly 10% of the current GDP within the US. As we will show, it makes sense that the cost of poor software quality is so high.

Transform Your AppSec Program With the Power of Snyk Analytics

As AI-generated code continues to boost developer productivity – and with it the number of vulnerabilities in code – a programmatic approach to security within a fully AI-enabled reality is key. AI trust and governance is the new standard for the AI era, and is achieved through visibility, prioritization, and policy. With this in mind, Snyk has over time expanded the number of reports and analytics provided in its platform to address this need.

EASM Buyer's Guide 2025: A guide for a futureproof EASM solution

Your external attack surface is growing — whether you’re aware of it or not. Cloud migration, IoT, AI, and remote work are all contributing to the rapid expansion of organizations’ external attack surfaces, and many security teams are struggling to keep up. According to a 2021 report, 69% of organizations admitted they had experienced at least one cyberattack that was initiated through exploiting an unknown or unmanaged internet-facing asset.

Can We Manage Vulnerabilities with Two Giants in the Room?

Recently, the EU officially launched its vulnerability catalog: the European Vulnerability Database (EUVD). This move has sparked a discussion about the future of global vulnerability tracking. Are we headed toward fragmentation, or is this a healthy step toward decentralization?

Cloud Security Must Be a Pillar of Your Exposure Management Strategy

When it comes to exposure management at any organization, it’s natural to focus on vulnerability management and application security. They’ve been core parts of security programs for years: scanning infrastructure, fixing bugs, tightening code. But if cloud security isn’t part of the conversation too, you’re leaving critical risks uncovered.

OutscanNX: Reduce alerts and remediate what matters with RBVM

Last year, nearly 60% of cyber compromises were directly attributable to unpatched vulnerabilities – flaws that organizations knew about but hadn’t remediated in time. The problem with traditional vulnerability management (VM) approaches is that they treat every finding equally, leaving security teams drowning in noise and fighting to sort serious risks from low-level tasks. This is where Risk-Based Vulnerability Management (RBVM) comes in.

Why Continuous Vulnerability Assessment Beats One-Time Scans for Real Security

Most organizations still treat vulnerability assessment (VA) as a checkbox activity: run a scan, generate a report, and move on. But security doesn’t work in isolated snapshots. Applications are dynamic, threats evolve by the hour, and even minor code changes can open new attack surfaces. This is where continuous vulnerability assessment (CVA) becomes essential.