Automated coding, powered by generative AI, is becoming a big part in tech development. The 2025 Cloudsmith Artifact Management Report shows that 42% of developers using AI say that at least half of their codebase is now created by AI tools.
Big companies are already leaning on automation. At Microsoft, engineers use AI to write between 20% and 30% of the code, depending on the language.
CEO Satya Nadella explained at Meta’s LlamaCon that AI is strong in Python but still weak in C++. Google has gone further, with CEO Sundar Pichai saying that AI now writes over 30% of new code. Last October, that number was 25%. At Meta, CEO Mark Zuckerberg said the company is planning to use AI for half of its software development by next year.
Some executives are predicting near-total reliance on AI. Microsoft’s CTO Kevin Scott expects AI will write 95% of code within five years.
Who Is Checking The Code Written By AI?
While AI is speeding up software development, fewer people are checking its work. Cloudsmith’s report found that only 67% of developers review AI-generated code before each deployment.
That then leaves a large portion of code going live without a proper check. This opens the door for mistakes or even malicious code to slip in unnoticed.
With that being said, the report also shows that only 20% of developers fully trust AI-written code (and honestly, that is valid). Most people still want to double check it. Around 66% say they only trust AI code after manual review.
Using AI, though, does mean the software supply chain is more exposed. Malicious actors are exploiting the situation by using different scams.
This involves creating fake software packages that look like real ones. Developers, especially those relying on AI tools to handle dependencies, can easily pull in harmful code without realising it.
More from Artificial Intelligence
- Experts Comment: Should We Go to AI Doctors for First Opinions Instead of Second?
- How to Add AI Chat to Your Website
- OpenAI Granted $200 Million Contract To Help US Military Boost AI Defence
- AI and the Accumulation of Cognitive Debt: A Trade Off Between Efficiency and Clarity?
- How AI And Automation Are Transforming CRM
- UK Government Partners With Tech Companies To Upskill AI Workforce
- Experts Comment: Is the Internet Being Polluted By AI Slop?
- AI Will Transform Everything But First It Needs a Trust Layer
What Problems Is This Causing For Security?
The biggest worry is that attackers are now aiming at the software supply chain, instead of just the network. When AI pulls in code or packages without proper vetting, it makes it easier for malware to creep in. Cloudsmith found that 30% of developers believe AI will make the threat of open source malware worse.
Developers also report more AI-generated dependencies than before. Around 86% of organisations say they’ve seen an increase in these over the last year. Of those, 40% say the rise has been huge. Even though the use of AI is growing fast, only 29% of development teams feel confident spotting malicious code in open source libraries, which is where most AI code suggestions come from.
This lack of confidence, together with the pressure to ship code fast, means that the software supply chain is more fragile. Sensitive data leaks, hidden backdoors, and compromised packages are just a few of the risks. The tools that are meant to help teams go faster are also creating more entry points for attackers, really.
What Tools Are Companies Using To Manage This?
To keep up with these changes, more companies are turning to artifact management systems. Cloudsmith reports that 56% of respondents see improved security as the top reason for using these tools. These systems help track who made what, when, and how, which is especially useful when AI is involved.
These tools are designed to support safe development by adding features like dynamic access control. This means only approved users and processes can touch certain files. Some teams are also using what are called policy-as-code systems, which apply safety rules automatically.
Developers are also being encouraged to use tools that check where code comes from. These systems can tell whether a file was written by a human or an AI tool. They can also flag anything that hasn’t been reviewed or doesn’t meet security rules. This helps developers avoid the problem of trusting AI code too easily.
Who Else Does The Move To Automated Coding Affect?
The obvious fact is that the rise of AI in coding is also changing who gets hired. Some companies are laying off software engineers. Duolingo has already replaced contract workers with AI.
At companies like Shopify, AI use is now part of the job. Employees are expected to know how to work with these tools. The people writing code are now sharing space with software that can do the same work.
Automated coding is changing how software is made, who makes it, and how secure it is. But the habits, rules, and tools around it might still have a long way to go as far as catching up goes.
