Nearly 9 in 10 organizations use AI-powered coding assistants, yet over 1 in 5 lack confidence in preventing AI-driven security vulnerabilities
BURLINGTON, Mass., Aug. 26, 2025 /PRNewswire/ — Black Duck® Software, Inc. (“Black Duck”), a leading global provider of application security solutions, today released “The State of Embedded Software Quality and Safety 2025” report. The report is based on a survey of 785 development and security professionals, conducted by Censuswide in June 2025, providing a global snapshot of the embedded software ecosystem across geographies, roles, and industries.
The embedded software landscape is undergoing a significant transformation, driven by the rapid adoption of artificial intelligence (AI) and the maturation of software supply chain management. According to the report’s findings, these changes are redefining the way companies develop, deploy, and secure their software.
The report reveals that while AI adoption is universal, governance is lagging. In fact, 89.3% of organizations are already using AI-powered coding assistants, and 96.1% are integrating open source AI models into their products. However, this rapid adoption has outpaced the development of necessary governance and security measures, with 21.1% of companies lacking confidence in their ability to prevent AI from introducing security vulnerabilities. Additionally, the emergence of “Shadow AI” – where developers use AI tools against company policy – poses a significant unmanaged risk, affecting 18% of companies.
Additional key findings include:
- Software Bills of Materials (SBOMs) have evolved from a regulatory requirement to a commercial necessity. The report shows that 70.8% of organizations now produce SBOMs, driven primarily by customer and partner requirements (39.4%), surpassing industry regulations (31.5%). This shift underscores the market’s demand for transparency in software supply chains.
- The role of embedded developers is being rewritten, with a decisive shift towards memory-safe languages adopted by 80.4% of companies. Python is increasingly popular, overtaking C++ in some contexts, signaling a change in the required skillset for developers.
- The report also identifies a significant disconnect between management and engineers regarding project success. While 86% of CTOs and directors consider their projects successful, only 56% of hands-on developers share this optimism, highlighting a fundamental perception gap that represents a systemic business risk.
“The old software world is gone, giving way to a new set of truths being defined by AI,” said Jason Schmitt, CEO at Black Duck. “To navigate the changes, technical leaders should carry out rigorous validation on AI assistants. Managers should establish formal AI governance policies and invest in training for emerging technologies. Security professionals should update their threat models to include AI-specific risks and leverage SBOMs as a strategic asset for risk management to achieve true scale application security.”
As the embedded software industry continues to evolve, organizations that adapt to these new realities will be better positioned to innovate securely and maintain a competitive edge in the market.
To learn more, download a copy of “The State of Embedded Software Quality and Safety 2025” report, read our detailed blog post, or register for the upcoming August 28th webinar.
About Black Duck
Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world. Only Black Duck solutions free organizations from tradeoffs between speed, accuracy, and compliance at scale while eliminating security, regulatory, and licensing risks. Whether in the cloud or on premises, Black Duck is the only choice for securing mission-critical software everywhere code happens. With Black Duck, security leaders can make smarter decisions and unleash business innovation with confidence. Learn more at www.blackduck.com.
SOURCE Black Duck Software