AI-Generated Code Risks Escalate for Security, Legal, and Compliance Teams
A recent survey indicates nearly half of engineering organizations are deploying AI-generated code in production, raising significant concerns for security, legal, and compliance teams.

A new survey conducted by Flux reveals a significant trend: nearly half of engineering organizations are now running AI-generated code directly in production environments. While the adoption of AI tools in software development is nearly universal, with under five percent of companies not planning to integrate AI within the next year, the deployment of AI-assisted code without direct customer exposure is a growing concern for various departments.
Engineering teams are primarily leveraging AI for repetitive tasks such as writing documentation, generating unit tests, and handling simple functions. These are areas where potential mistakes are contained and easier to detect. However, adoption diminishes as the complexity and stakes increase. While AI has delivered on promises of increased productivity and faster prototyping for a majority of users, its effectiveness in reducing errors has fallen short of expectations, with almost half of non-adopters anticipating error reduction, a benefit only realized by about a third of current users.
Ted Julian, CEO and founder of Flux, highlighted that the path from writing AI-generated code to shipping it involves multiple layers of safeguards. Teams are not relying on a single tool or process to deem AI code production-ready. "The absence of a single unlocking safeguard is itself a finding: teams with substantial tooling in place still choose not to ship," Julian stated. Organizations that refrain from deploying AI code in production tend to invest more heavily in upfront security measures, including code quality analysis, software composition analysis, and specialized training for coding assistants.
Despite these precautions, the review process for AI-generated code presents a significant bottleneck. Code reviews already consume a substantial portion of developers' workweeks, and the introduction of AI-generated code, which can differ in style and structure from human-written code, further slows down the process. There is no consensus among developers on whether AI increases or decreases bugs; approximately one-third report more issues, another third report fewer, and the remainder see no significant change. Visibility into these changes remains a challenge, with a notable portion of leaders admitting they struggle to keep pace with weekly modifications.
Beyond technical concerns, a prevalent downside identified by over 40% of organizations is the potential for lost learning opportunities for junior developers. This issue persists across companies regardless of the breadth of AI adoption. However, the impact is more pronounced in larger organizations; companies with fewer than 50 developers report this issue at a 31% rate, while larger bands see rates between 44% and 46%. Julian noted that while managing AI agents is a new skill that can foster productivity, the long-term implications for developing senior engineers and the essential skills they must pass on remain uncertain.
In response to these challenges, companies are increasing their spending on safeguards. Close to half of respondents have invested in code quality analysis tools, with significant minorities adopting automated review, static and interactive security testing, and software composition analysis – categories that have rapidly emerged in the market. Development and release processes have also been adapted, with over 80% of organizations making adjustments, primarily minor ones, such as implementing new AI use policies, mandatory training, and enhanced code review protocols.
Ultimately, there is a strong sentiment that AI could eventually surpass human capabilities in certain aspects of code review. A significant majority of respondents (76%) expressed a desire for tools that can mitigate the risks associated with AI-generated code. This indicates a strategic bet by companies that further AI integration will be key to addressing the very problems AI-assisted development introduces, driving investment in solutions that aim to enhance the security and reliability of AI-generated code.