Jonathan Rende, chief product officer at Checkmarx, tackles one of the most urgent questions in AppSec right now: what happens when AI starts writing the majority of your software?
With estimates that as much as 60% of code is being generated by AI in some environments—and that AI-authored code is already finding its way into production—the conversation quickly moves past novelty and into operational reality. The central theme is trust: should AI-generated code be treated differently than human-written code, and are organizations holding it to a higher standard simply because they’re less confident in how it was produced?
Rende unpacks how developer behavior is changing as copilots and agents make it possible to generate thousands of lines of code quickly, often faster than teams can realistically review it. That shift increases pressure on DevSecOps “outer loop” controls—static analysis, dynamic testing, supply chain security, and governance—to catch defects and vulnerabilities before they become incidents. The issue isn’t only volume; it’s also context. Even as models improve, secure outcomes still depend on how developers prompt, validate, and integrate AI output into real systems.
They also explore the evolving benchmark landscape for measuring model security performance and what those trends suggest: AI-generated code may be getting less vulnerable over time, but “less vulnerable” isn’t the same as “secure.” Rende argues that while common vulnerability patterns may decline, higher-order logic flaws and transitive issues will remain difficult—and may even become more prominent as applications and AI-driven supply chains grow more complex.
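To make the "less vulnerable is not the same as secure" distinction concrete, here is an added illustration, not code from the episode or from Checkmarx. It assumes a small invoice lookup with a constructed in-memory SQLite table; the function and table names are hypothetical. The first handler contains none of the classic vulnerability patterns a scanner looks for (the query is parameterized, so there is no injection to flag), yet it has exactly the kind of higher-order logic flaw Rende describes: it never checks that the caller owns the record it returns. The second handler keeps the same query shape but makes ownership part of the predicate.

```python
import sqlite3

# Constructed sample data for the example: two users, each owning one invoice.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner TEXT, total REAL)")
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, "alice", 120.0), (2, "bob", 80.0)],
    )
    return conn


def get_invoice_pattern_clean(conn, current_user, invoice_id):
    """Hypothetical handler that a pattern-based scanner would pass.

    The query is parameterized, so there is no SQL injection pattern to
    report. The defect is a missing authorization check: current_user is
    accepted but never used, so any authenticated caller can read any
    invoice by guessing its id (an insecure direct object reference).
    """
    return conn.execute(
        "SELECT id, owner, total FROM invoices WHERE id = ?",
        (invoice_id,),
    ).fetchone()


def get_invoice_hardened(conn, current_user, invoice_id):
    """Same lookup with ownership enforced in the query predicate.

    The database returns no row for an invoice the caller does not own, so
    the handler cannot leak it even if later code forgets to check.
    """
    return conn.execute(
        "SELECT id, owner, total FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, current_user),
    ).fetchone()


def cross_tenant_read_possible(handler):
    """Tiny behavioural test of the kind a review or DAST step can run:
    can user 'bob' read invoice 1, which belongs to 'alice'?"""
    conn = make_db()
    return handler(conn, "bob", 1) is not None


if __name__ == "__main__":
    print("pattern-clean handler leaks across users:",
          cross_tenant_read_possible(get_invoice_pattern_clean))
    print("hardened handler leaks across users:",
          cross_tenant_read_possible(get_invoice_hardened))
```

The point of the example is that the flaw is invisible to a rule that only matches known vulnerability patterns; it only shows up when something exercises the behaviour, which is why the "outer loop" testing Rende emphasizes still matters as the pattern-level defect rate in AI-generated code falls.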
Whether code is written by humans or machines, production software still demands rigorous, continuous security testing—because in the AI era, the attack surface is expanding as fast as delivery velocity.

