Global survey reveals two-thirds of security practitioners spend more time manually validating findings than resolving vulnerabilities
SAN FRANCISCO, April 22, 2026 /PRNewswire/ — ProjectDiscovery, a leader in vulnerability detection and autonomous security testing, today released findings from its “2026 AI Coding Impact Report,” a first-of-its-kind study examining how the rapid rise of AI-assisted coding is affecting the cybersecurity professionals responsible for keeping software secure.
The company surveyed 200 cybersecurity practitioners and leaders across North America and Western Europe, with respondents representing a cross-section of mid-to-large enterprises (the majority between 1,001 and 5,000 employees). The findings point to a widening gap between engineering output and security capacity. One hundred percent of respondents reported increased engineering delivery over the past twelve months, with nearly half (49%) attributing most or all of that acceleration to AI-assisted coding tools. At the same time, 62% of security teams say keeping up with that volume is getting harder, and two-thirds are spending more than half of their time manually validating findings rather than fixing them.
“The industry spends a lot of oxygen talking about finding more vulnerabilities, but our data shows the real bottleneck is downstream. We have a validation and remediation systems problem,” said Rishi Sharma, CEO and co-founder of ProjectDiscovery. “Practitioners do not need more scanners piling on more alerts. They need fewer tools that deliver evidence instead of noise, and they need AI that can help teams scale innovation and risk management at the same pace.”
Key Findings include:
- Security Teams Are Reaching an Inflection Point: Nearly 60% of respondents say they are able to keep up with the increased code volume for now, but it is getting harder. While 40% of respondents say they are keeping up well with the increased volume of code requiring security review, mid-sized organizations feel the pressure most critically, with 69% of respondents in that cohort reporting growing difficulty.
- AI-Generated Code Is Introducing New Categories of Enterprise Risk: Security practitioners ranked concerns around exposing secrets (78%) as the number one challenge introduced or amplified by AI-assisted coding.
- Practitioners Are Trapped in a Manual Validation Loop: Two-thirds (66%) of security practitioners spend more than half their time manually validating findings rather than resolving the underlying vulnerabilities. The top weekly activities include triaging alerts (60%), coordinating fixes (53%) and validating exploitability (46%), none of which involves actually fixing vulnerabilities.
- Trust Is the Gating Factor for AI Adoption in Security: While practitioners recognize AI’s potential to help them keep pace, they are hesitant to leverage tools they cannot inspect. For respondents to trust AI-based penetration testing, 57% would need a full audit trail of actions taken.
The data in this report describes a security workforce that is skilled and committed, but overloaded. They are dealing with more code, more alerts, more false positives and more manual proof-of-concept work than their bandwidth can sustain. With AI-assisted coding adoption accelerating, the volume will only keep climbing. Organizations that prioritize the appropriate tooling for their teams will help close the gap between “finding” and “fixing,” and help instill evidence-based trust among security professionals.
For more information, the full 2026 AI Coding Impact Report is available for download at: projectdiscovery.io/research/ai-coding-impact-report.
About ProjectDiscovery
ProjectDiscovery is an open source cybersecurity company that built the security toolchain trusted by more than 100,000 practitioners worldwide. The company created Nuclei, the most widely used open source vulnerability scanner with over 10 billion scans run, along with a suite of modular tools, including Subfinder, httpx, and Naabu, that security teams use to map attack surfaces and identify exploitable vulnerabilities across their organizations. Building on that foundation, ProjectDiscovery offers Neo, an AI-powered security testing platform that unifies SAST, DAST, and automated penetration testing to help teams move from finding vulnerabilities to verifying and fixing them. ProjectDiscovery is a winner of the RSAC Innovation Sandbox 2025 and a Black Hat Asia award recipient 2025. Learn more at projectdiscovery.io.
SOURCE ProjectDiscovery

