AI-supported coding has progressed from experimental to the norm in organizations, yet technical debt, security risks, and costs could be piling up much faster than anyone realizes.
This is one of the key takeaways from the Software Improvement Group (SIG) 2026 State of Software report, which analyzed more than 30,000 software systems and more than 400 billion lines of code. The headline finding is that even though artificial intelligence is helping businesses develop software more rapidly, software governance and quality management processes lag behind.
The report revealed that 90% of IT workers currently use AI in their jobs, with AI-produced code making up 1.9% of corporate production code. While this figure might seem small, analysts have pointed out that production codebases consist of years of accumulated legacy code, so the percentage is significant given the number of deployments it represents.
AI-generated code carries a higher risk
One of the interesting findings of this study was that code generated by AI contained around twice as many security risks as code written by humans. Another point made by researchers was the decreasing maintainability of AI code as system size increased.
According to the report's findings, AI code generators usually produce convincing output, but they lack any real understanding of architecture. As systems grow in size, the productivity benefit of using AI for code generation diminishes, since models cannot comprehend entire software landscapes.
In its analysis, SIG found that AI-generated code had twice the security risk violations of human-written code, and its own experiments showed the same two-to-one ratio at project level: AI-based projects carried twice as many security risks as human-based projects.
Technical debt is a growing problem
SIG argues that AI can help with code-level cleanup, but it does not solve architectural debt, which depends on context, domain knowledge, and system-wide judgment.
In fact, researchers found that AI might be increasing technical debt, especially architectural technical debt. While AI is increasingly helpful for code-level problems such as duplication and documentation, it fails to address architectural concerns, which require a long-term business vision.
The financial stakes are considerable. According to Software Improvement Group, improving code maintainability can save the equivalent of 5.8 developers, translating to an annual saving of around €870,000.
Additionally, the study revealed that companies with less technical debt were capable of meeting 72% more compliance requirements than companies with high technical debt.
Security weaknesses are widespread
The report finds that the situation for enterprise software is concerning.
The report found that 71% of systems have security controls rated at the low level, and enterprise software carries about 20 security findings on average. In general, larger applications perform better than smaller ones, a consequence of increasing complexity.
However, broken access controls, injection flaws, insecure design, and security misconfigurations remain recurring issues for enterprises, all of which persist in the OWASP Top 10.
Open-source dependencies add further exposure
Open-source software is deeply ingrained in corporate application development. On average, enterprises use 132 open-source libraries; however, some 45% of these companies do not meet the report’s recommendation regarding open-source health.
According to the report, the availability of AI-based tools for vulnerability discovery makes open-source components an even more appealing target for attackers. Supply chain attacks and third-party breaches have become more frequent over the past several years.
AI costs are becoming harder to predict
Besides the issues related to quality and security, the report also examines the operational expenses associated with the use of AI technologies.
According to Software Improvement Group's average statistics for companies, AI coding tools will cost around €120,000 per year for a team of 50 programmers, roughly equivalent to the cost of employing one additional programmer. Agentic AI might cost even more, because coding with such systems may consume up to 1,000 times as many tokens as regular AI coding.
Visibility becomes the differentiator
Even with the potential downsides, the report does not call for a slow-down of AI. Rather, it posits the need for greater visibility into where AI is being used, what kinds of code it generates, and its effects on maintainability, security, and cost.
According to the researchers, the companies that benefit most from AI are those that continuously assess software quality, implement controls before code goes into production, and have visibility into their software portfolio. Without these, AI only makes things worse, and more technical debt accrues.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.