AI sped up flaw discovery

An OX Security analysis of 216 million findings found AI‑driven development scaled discovery of high‑impact flaws roughly 400% faster, with business context increasingly influencing prioritisation over raw CVSS scores. The study highlights that automated tooling and AI accelerants are changing how quickly risky issues surface. The analysis suggests security workflows are shifting toward context‑aware triage rather than pure severity metrics. (x.com)

Software teams are finding serious security flaws far faster than before, and OX Security says artificial intelligence-assisted coding is a big reason. (prnewswire.com) OX Security said its 2026 benchmark drew on 216 million application security findings from 250 organizations, collected over 90 days in the fourth quarter of 2025. The company published the report on March 17, 2026. (prnewswire.com)

The report said average raw alerts per organization rose 52% year over year, to 865,398 from 569,354. After triage, average critical findings rose to 795 from 202, which OX described as nearly four times higher. (prnewswire.com)

Application security is the work of scanning software for weaknesses before attackers use them. A finding becomes more urgent when it sits in a system tied to customer data, payments, or other core business functions. (thehackernews.com) That is where the report says the ranking system is changing. Across the 216 million findings, the most common factor that pushed risk higher was “High Business Priority” at 27.76%, ahead of “Personally Identifiable Information Processing” at 22.08% and “Common Vulnerability Scoring System High Severity” at 20.55%. (prnewswire.com)

The Common Vulnerability Scoring System is a technical scorecard that rates how severe a flaw looks on paper. OX said that score is no longer the main driver of what gets fixed first, because companies are putting more weight on where a flaw lives and what data or service it can touch. (thehackernews.com; prnewswire.com)

OX tied the shift to faster software production from artificial intelligence coding tools. The report said the ratio of critical findings to total findings climbed from 0.035% to 0.092%, which means the pool of meaningful risk grew faster than the overall pile of alerts. (prnewswire.com)

The industry breakdown was uneven. Insurance companies had the highest share of critical findings at 1.76%, while automotive companies produced the highest raw alert volumes, which The Hacker News linked to expanding software in vehicles. (prnewswire.com; thehackernews.com)

Neatsun Ziv, OX Security’s chief executive, said security teams were “never built to handle” the pace of code output from artificial intelligence-assisted development. The company’s report argues that finding flaws is no longer the bottleneck by itself; deciding which flaws threaten the business most is taking a larger role. (prnewswire.com)
