Monday, October 27, 2025

CISOs must wake up to growing security debt

by FutureCISO Editors
October 27, 2025

Photo by Mikhail Nilov from Pexels: https://www.pexels.com/photo/a-couple-sitting-near-the-wooden-table-while-looking-at-the-document-in-shocked-emotion-6963032/

As organisations in Asia continue to accelerate their digital transformation, a new report from Black Duck highlights a growing concern among security leaders: the increasing security debt resulting from rapid development practices. The "Balancing AI Usage and Risk in 2025: The Global State of DevSecOps" report reveals that while development teams are deploying code at unprecedented frequencies, security practices are lagging significantly behind.

The research, based on a survey of over 1,000 software and security professionals, indicates that nearly 60% of respondents are deploying code daily or more frequently. However, 46% of companies still rely on manual processes to get new code through security testing, leading to incomplete coverage and a greater risk of vulnerabilities.

This growing security debt poses significant challenges, particularly for Chief Information Security Officers (CISOs) and security leaders in the region.

Black Duck CEO Jason Schmitt emphasises the need for a paradigm shift: “The findings paint a clear picture: the old ways of doing application security aren't working, and speed without integrated security creates risk for companies.”

This sentiment underscores the urgency for security leaders to adopt more effective strategies in the face of rapid AI-enabled development pipelines.

One of the primary concerns highlighted in the report is the issue of tool sprawl. Over 71% of respondents reported that a significant portion of security alerts are merely "noise," comprising false positives or duplicate findings from various tools.

This not only undermines the return on investment for security measures but also leads to frustration among development teams, creating friction that can slow down deployment.

Moreover, the speed vs. security dilemma is palpable, with 81% of professionals indicating that application security testing often slows down development and delivery. This tension necessitates a new approach where security is seamlessly integrated into development workflows rather than treated as a separate phase.

Interestingly, while 63% of respondents believe that AI contributes to writing more secure code, 57% acknowledge that it also introduces new security risks. This duality presents a complex challenge for security leaders, who must balance the benefits of AI with the potential for new vulnerabilities.

To address these challenges, the report advocates for robust AI governance frameworks, rationalisation of the application security testing toolchain, and investment in developer-centric security tools.

By shifting towards a proactive, platform-based strategy that embeds security into developer workflows, organisations can achieve true scalability in application security.

As Asian CISOs prepare for 2026, addressing the growing security debt while leveraging the advantages of AI will be crucial for safeguarding their organisations.

Tags: Black Duck, DevSecOps, security debt