A survey of 831 software engineers and DevOps professionals published today identifies manual reviews (52%), security testing (51%), code rework (48%) and prompt iteration (41%) as the major bottlenecks that software engineering teams are encountering in the age of artificial intelligence (AI) coding.
Conducted by the market research firm User Evidence on behalf of Black Duck Software, the survey finds 41% of respondents have incorporated AI coding assistants into more than half of new application development projects, with GitHub Copilot (83%), Claude Code (63%) and Amazon Q (49%) being the most widely used.
Well over half (58%) said adding AI coding tools has also driven major improvements in productivity and release velocity, with 56% reporting there has been a 26% or more increase in code volume in the past 12 months. A full 91% said developers are saving at least three hours a week, with 13% reporting time saved is greater than 15 hours a week.
Instead of writing code, survey respondents said developers are spending more time reviewing and validating AI-generated code (29%), working on complex architecture and system design tasks (29%) and security verification and risk management (23%). A total of 64% said they are either extremely concerned (25%) or moderately concerned (39%) that AI coding tools are introducing security defects and vulnerabilities into their code bases. Well over half (56%) said they would prefer to have a separate, distinct AI agent dedicated specifically to security.
Shandra Gemmiti, senior director for customer and product marketing for Black Duck Software, said the survey makes it clear that, in terms of adoption of AI coding tools, an inflection point has been reached. However, there are significant skills gaps and many organizations have yet to extend their governance frameworks to include code created using AI coding tools, many of which are being adopted by individual developers with little to no oversight.
In fact, the survey finds that only 30% of respondents have a formal approval process for using AI coding agents that is centrally governed and monitored, compared to 44% that have approval policies that are not fully monitored. More than two-thirds of respondents (68%), however, said having an automated system to track and measure AI-generated code is extremely important.
Automated tagging or metadata within an integrated development environment (IDE) or repository (40%) is currently the most widely used method for tracking code, followed closely by manual developer comments or documentation in pull requests (38%).
As AI coding tools become more widely relied on, a need to revisit how policies are enforced is becoming more apparent as the ground underneath the feet of DevOps teams continues to shift, said Gemmiti.
The one thing that is certain at this juncture is that when it comes to AI, there is no going back. Test development and orchestration (71%), user experience design and prototyping (64%), pipeline automation (46%), automated vulnerability remediation (44%) and threat modeling (42%) are all tasks the DevOps teams are hoping to automate using AI in the next 12 months.
The challenge, as always, is finding the best way to achieve that goal without consuming tokens to the point where it might be less expensive to continue to assign those tasks to a human.
