The transformations taking place in the embedded software landscape are redefining the way companies develop, deploy, and secure their software, according to "The State of Embedded Software Quality and Safety 2025" report by Black Duck Software, Inc. ("Black Duck").
AI deployment vs AI confidence
The report, based on a Censuswide survey of 785 development and security professionals, underscores the promising potential of AI in software development. It reveals that 89.3% of organisations are already benefiting from AI-powered coding assistants, and 96.1% are integrating open-source AI models into their products.
However, only 21.1% of companies lack confidence in their ability to prevent AI from introducing security vulnerabilities. Additionally, 18% of companies are affected by the emergence of 'Shadow AI', a term used to describe the unauthorised use of AI tools by developers against company policy, which can lead to security breaches and other risks.

"The old software world is gone, giving way to a new set of truths being defined by AI," said Jason Schmitt, CEO at Black Duck.
"To navigate the changes, technical leaders should carry out rigorous validation on AI assistants. Managers should establish formal AI governance policies and invest in training for emerging technologies. Security professionals should update their threat models to include AI-specific risks and leverage SBOMs as a strategic asset for risk management to achieve true scale application security," Schmitt said.