
Organizations knowingly ship vulnerable code amid shrinking exploit windows

Tech Radar reports that organizations are knowingly shipping vulnerable code, despite the increasing risks posed by rapidly shrinking time-to-exploit windows, a trend exacerbated by AI-generated applications.

New research from Checkmarx reveals that 75% of organizations admit to frequently or sometimes deploying code they are aware is vulnerable. This practice, once manageable with exploit windows of hundreds of days, has become significantly riskier. 

AI tools have drastically reduced the time to exploit vulnerabilities to less than two days, with predictions that this window could shrink to just one minute within two years. This poses an urgent threat, particularly to sectors like healthcare, which are already grappling with escalating ransomware attacks and third-party software risks.

The rise of vibe-coded apps, built entirely by AI without manual code review, further compounds these exposure risks. Recent findings indicated over 5,000 such apps were pushing sensitive corporate, personal, and medical data onto the open web, often with basic security flaws.

Source: Tech Radar

Kelley Damore, Chief Content Officer, CyberRisk Alliance

Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
