
The State of AI in Security and Development 2026

Information Technology 2025-10-21 - aikido CS杨林

Contents
Introduction
Key findings
Main research findings
The security reality
AI adoption and trust
Too many vendors, too little security
Developer experience
Regional and cultural insights
Concluding Thoughts

Demographics

This report brings together the voices of the people building and securing today's software. Sapio Research, on behalf of Aikido Security, surveyed 450 full-time professionals across Europe and the US: 150 developers, 150 security leaders (CISOs or equivalent), and 150 application security engineers. Respondents came from a broad mix of industries, company sizes, and team structures, from fast-growing start-ups to global enterprises. Each participant is actively involved in software delivery or security decision-making. By combining the perspectives of those writing code, those reviewing and testing it, and those accountable for risk at the top, the survey provides a rare cross-section of the tensions and trade-offs shaping software security today.

The result is a snapshot of how AI adoption, tool sprawl, and dev experience reshape the balance between speed and safety in 2025.

Key Findings

AI optimism vs reality
1. AI generated code creates real-world risk
… introduced by AI-generated code. 1 in 5 suffered a serious incident directly tied to it. 53% would blame security, 45% would blame the dev who generated the code.
… secure code, but on average expect it will take 5+ years. Only 21% think AI will ever do it without human oversight. 90% of organizations expect AI to take over pentesting, with a 5.5-year timeline.

3. Incidents are the norm
Europe prevents, USA reacts
… US) but more near-misses (53% vs 40%).
… incident in the past year. 3 in 4 CISOs said they were impacted by an incident in the last 12 months.

Integrated App & Cloud security shows lower incident rates
5. Tool sprawl creates more incidents, not more security
… are 50% more likely to face incidents. 93% of those with separate tools report integration headaches (duplicate alerts, inconsistent data).
… tools (5.1) than those without (4.2). More vendor tools = more overhead and slower remediation.

7. Security engineers are essential
Better DevEx = fewer incidents
… report fewer incidents than those using single-audience tools. 65% of teams say false positives force them into risky behavior (delaying fixes, dismissing alerts, bypassing checks).
… engineer could directly cause a serious breach. Delays in incident response, product development and compliance readiness were cited as other factors.

The security reality

Q. Has your organization experienced a security incident or "near miss" related to a software vulnerability in the past 12 months? Select one
Yes, a material security incident
Yes, a near miss (caught before it became serious)
No incidents

One quarter of CISOs reported a serious security incident in the last year.

… incident. For some, these were warning shots, but for others (more than a quarter), the incidents were material. The same impact is felt at the highest level; one in four Chief Information Security Officers (CISOs) reported a serious security incident, forcing them into difficult conversations with their boards, customers, and regulators.

AI generated code is already causing real-world damage

1 in 5 organizations suffered a serious incident linked to AI-generated code.

"AI-generated code shouldn't be fully trusted, since it can cause serious damage. This is a reminder to carefully double-check its outputs" - Natalia Konstantinova, Global Architecture Lead in AI, BP

… AI-generated code. For some, the resulting cost was steep: 1 in 5 incidents escalated into serious breaches.

Security engineers are business-critical

1 in 4 CISOs admit: losing one engineer → serious breach

Q. If one of your top security engineers were to leave the organization, what would the impact be? Select all that apply

… complexity makes it worse. When tools are hard to manage, tribal knowledge builds up in one engineer's head. If that person leaves, the team is exposed: incident response slows, fixes are delayed and audits slip. More than a quarter (28%) of respondents admit it could directly lead to a serious attack or breach, and this is echoed by 1 in 4 CISOs.

"It's a bit ironic that the industry talks so much about replacing people with AI, but in security, we worry much more about not having enough security people"

"This demonstrates the slim thread which at times holds systems together, and highlights the need to properly allocate resources to cybersecurity"

"Everyone wants the unicorn security engineer with experience across every facet of cyber, but that comes at a steep cost. Instead, organizations should focus on building a talent pipeline, making knowledge transfer and clear documentation of “tribal knowledge” core deliverables for their security engineers."

Accountability seems to cut both ways; 53% of respo