6% of the security staff budget for Fortune 500 organizations with 50+ security FTEs is allocated to AppSec.

86% of respondents are already using or exploring generative AI tools in their security programmes.

Among those who have encountered issues with AI-generated code, 83% cited lack of transparency as major concerns.

65% believe AI will significantly reshape the AppSec function within the next year.

84% said that supply chain vulnerabilities were the most significant threat to their enterprise applications.

84% recognise the role of the AppSec leader as more important now than ever. More than 84% believe their role is more important now than it was a few years ago. This increased importance is linked to factors such as growing challenges from AI-generated code and open source software.

Speed of software development outpacing security priorities was also a concern for 71%.

65% highlighted a lack of visibility across AppSec tools

63% still report moderate or significant friction in getting developers to adopt security team feedback, despite increased DevSecOps collaboration.

Among those who have encountered issues with AI-generated code, 92% reported insecure code as a concern.

76% of respondents named application security posture management (ASPM) as their top investment focus for 2025.

64% of organizations are growing their AppSec teams.