AI-Fueled Code Pace Sparks 4x Jump in Critical App Risks, OX Finds

OX Security analyzed 216 million security findings across 250 organizations over a 90-day window. The data is stark. Raw alert volume rose 52 percent year over year. But the rise in prioritized critical risk was far larger. OX Security found a nearly 400 percent increase in prioritized critical findings.

The report links this spike to faster development cycles. OX Security said the surge in AI-assisted development is creating a “velocity gap.” That gap exists where the density of high-impact vulnerabilities scales faster than remediation workflows can keep up.

OX Security also flagged a shift in what determines risk. Traditional technical severity scores are losing ground. The report notes that business context now matters more. “Where a vulnerability lives is now more important than what the vulnerability is,” OX Security wrote. This highlights the need to understand the difference between a **threat versus a vulnerability versus risk**, as business context now elevates the latter. High Business Priority and personal data processing were the two top elevation factors. The firm reported High Business Priority in 27.76 percent of elevations and PII processing in 22.08 percent.

The analysis measured a sharp change in ratios. The ratio of critical findings to raw alerts nearly tripled. It moved from 0.035 percent to 0.092 percent, according to OX Security. The firm also connected adoption of AI coding tools to more complex flaws. Researchers at OX Security observed a direct correlation between AI tool use and the quadrupling of critical findings. This trend underscores the **dangerous side of AI in cybersecurity**, as models can introduce flaws that are difficult to detect with traditional methods. On average, that meant 795 critical findings per organization, up from 202 in the prior study period.

The report explains why. Faster code velocity produces more context-dependent bugs. These issues evade simple linting and legacy scanners. They require deeper analysis of how code runs in real systems. OX Security said many of the new flaws are not about a single line of code. They concern how features interact and how data flows across services.

Sector differences stood out too. OX Security found that insurance companies had the highest density of critical findings at 1.76 percent. Automotive organizations generated the largest raw alert volumes. The report ties that to the rapid expansion of code in software-defined vehicles. Different industries face different mixes of volume and severity. That makes one-size-fits-all tooling less effective, the report warned.

What should teams do about it? OX Security urged organizations to add context to triage. The report recommends combining technical scans with business-aware filters. It also suggests shifting some detection left while bolstering runtime controls. OX Security said those steps help reduce the gap between discovery and safe remediation.

The firm also highlighted the limits of legacy tooling. OX Security warned that standard vulnerability scanners can miss complex, context-driven defects. The report recommends investment in tools that model data flows and service interactions. It also called for stronger integration between development pipelines and security teams. That will let security move at the pace of AI-assisted development.

Experts outside the report have echoed parts of the message. Security practitioners say context matters more than ever. They recommend mapping critical assets and prioritizing fixes that protect sensitive data and high-value business workflows. That approach mirrors the elevation factors OX Security identified.

OX Security noted this is the second year it has run the analysis. The trend is clear and concerning. More alerts do not always mean proportional risk. The density of severe, actionable problems can grow faster than teams can respond.

The full 2026 analysis includes methodology and industry-specific benchmarks. OX Security made the report available to help organizations benchmark their own posture. The findings push a simple conclusion: security must move beyond raw counts and focus on context, speed, and integration.