AI coding tools are here to stay, as are security and stability issues that are introduced in production.
These conclusions are consistent among recent market research reports from Google's Dora Research Division, Devsecops Vendor Harness, and IDC. AI coding tools have been widely adopted according to all of these studies. 90% of DORA's 5,000 software developer respondents to the AI-assisted software development survey reported using AI tools said they used these tools for coding. IDC's 2025 DevSecops, Vulnerability Management, and 511 respondents' Software Supply Chain Security Survey found that developers reported not actively using these tools, while the largest group, 32.9%, shows that between 26% and 50% of developers are actively using them. Additionally, a survey of 900 respondents conducted by Harness revealed, on average, that development and engineering teams use 8-10 AI tools.
These tools were also consistently shown to increase developer productivity. Over 80% of DORA respondents say AI has increased productivity, while 78% of 211 respondents in IDC's 2024 Generated AI Developer Survey reported an average increase in productivity by 35%. The software delivery bottlenecks related to AI-generated code identified in Dora's 2024 report had been somewhat mitigated by 2025, but Harness Survey found that 63% of organizations used AI tools to deliver code to production faster.
However, the research consistently reported issues caused by an increase in AI-generated code in production environments, as well as the gap between the use of automated coding tools and automated testing and repair. The DORA report links to increased AI usage to improved software delivery instability, a metric that combines software deployment and rework rates. In fact, the links of AI use and instability measured by standard deviation from the mean were stronger than the connection between AI use and software delivery throughput, product performance, and code quality. Similarly, we found that in Harness Survey, 45% of all deployments that include AI-generated code lead to problems.
This impact is already felt, with 72% of organizations reporting production incidents related to AI codes occurring.
Trevor StuartSenior Vice President of Harness
Harness executives revealed what the “problem” report means after it was released on September 30th.
“The subsequent responses featured a clear theme: 48% expressed concern about the increase in vulnerability, and 43% flagged it as high risk of regulatory noncompliance,” wrote Trevor Stuart, senior vice president and general manager of Harness, in an email to Informa TechTarget. “The impact is already felt, with 72% of organizations reporting that they have experienced production incidents related to the AI code.”
In the IDC's 2025 Devsecops survey, 41.6% of respondents occasionally identified security issues introduced by AI-generated code in less than half of all code reviews, with 14.1% and 18.5%, respectively, identified very often in most reviews, and often in more than half of reviews.
Security concerns continue to occur in AI agents. The Entertainment Strategy Group, currently part of OMDIA, found that between March and April 2025, 51% of the 350 respondents surveyed were actively deploying AI agents. Security and compliance concerns were nominated by 39% of respondents, with 17% above the list of issues identified as the most important.
The devsecops tool faces stubborn organizational disparities
Harnesses such as Github, Gitlab, Cloudbees, Atlassian, JFrog and other competitors of their developers help AI assistants and agents manage the rise in auto-generated code by automatically testing, detecting and fixing bugs and security vulnerabilities. Harness expanded its lineup of tools this week with the acquisition of QWIET AI. This helps link code vulnerabilities to production issues identified by trackable WAAP products.
Katie Norton
According to IDC analyst Katie Norton, the integration of QWIET and Traceable sets excludes harnesses separately from their competitors.
“Github and Gitlab have invested heavily in native scanners, but both allow integration. That's not the main focus,” she said. “Cloudbees and Atlassian rely more on partners and orchestration. The harnesses employ a hybrid route, meaning they coordinate third-party tools while building their own detection engine through acquisitions.”
Another differentiator of the harness is ease of use, Norton said.
“Security scans and repairs can be added as native pipeline steps using one-click configuration and pre-built templates,” she said. “It reconfigures application security from external processes into embedded pipeline functions, making it easier for DevOps and the platform team to standardize security consistently across thousands of builds.”
However, IDC findings also show the inconsistent use of automated security testing tools, even if these tools existed before the generation AI. Of the 361 respondents in the June 2025 Platform Engineering and DevOps survey, 6.1% said their organization would not run automated tests, while 2.2% estimated that all tests were automatically performed, while the largest group, 20.2%, ran automated tests from 40% to 59%.
Harness research also found limited downstream automation. Although 51% of coding workflows are averaged automated, less than half of respondents automate QA, security and compliance testing. Additionally, OMDIA's AI Agent Survey found that IT managers were overwhelmingly 56% of AI agents buyers in their organization, while risk and compliance managers accounted for just 2%.
Despite the ongoing debate over strengthening collaboration between DevOps and security teams, many companies have not yet been careful
Melinda Marks
DevSecops messages, according to Melinda Marks, an analyst at Omdia.
“My latest research on cloud computing showed that 38% of developers and Devops security tools are chosen without consulting their security team,” she said. Another 30% of the 370 respondents in the survey that has not yet been published will then select the tool and notify security, while 32% of the security team will select the tool and roll out individually.
“[The Qwiet AI acquisition] Marks helps teams take advantage of sales to typical audiences as security can be used as a key differentiator to meet key performance indicators such as application uptime, customer and corporate data protection, and compliance.
Beth Pariseau, senior news writer at Informa TechTarget, is an award-winning veteran of IT journalism covering Devops. Any hints? Please email her Or reach out @pariseutt.
Katie Norton
Melinda Marks
