Nearly 9 in 10 organizations use AI-powered coding assistants, yet over 1 in 5 lack confidence in preventing AI-driven security vulnerabilities
Black Duck Software, Inc., a leading global provider of application security solutions, released “The State of Embedded Software Quality and Safety 2025” report. The report is based on a survey of 785 development and security professionals, conducted by Censuswide in June 2025, providing a global snapshot of the embedded software ecosystem across geographies, roles, and industries.
The embedded software landscape is undergoing a significant transformation, driven by the rapid adoption of artificial intelligence (AI) and the maturation of software supply chain management. According to the report’s findings, these changes are redefining the way companies develop, deploy, and secure their software.
The report reveals that while AI adoption is universal, governance is lagging. In fact, 89.3% of organizations are already using AI-powered coding assistants, and 96.1% are integrating open source AI models into their products. However, this rapid adoption has outpaced the development of necessary governance and security measures, with 21.1% of companies lacking confidence in their ability to prevent AI from introducing security vulnerabilities. Additionally, the emergence of “Shadow AI” – where developers use AI tools against company policy – poses a significant unmanaged risk, affecting 18% of companies.
Additional key findings include:
- Software Bills of Materials (SBOMs) have evolved from a regulatory requirement to a commercial necessity. The report shows that 70.8% of organizations now produce SBOMs, driven primarily by customer and partner requirements (39.4%), surpassing industry regulations (31.5%). This shift underscores the market’s demand for transparency in software supply chains.
- The role of embedded developers is being rewritten, with a decisive shift towards memory-safe languages adopted by 80.4% of companies. Python is increasingly popular, overtaking C++ in some contexts, signaling a change in the required skillset for developers.
- The report also identifies a significant disconnect between management and engineers regarding project success. While 86% of CTOs and directors consider their projects successful, only 56% of hands-on developers share this optimism, highlighting a fundamental perception gap that represents a systemic business risk.
“The old software world is gone, giving way to a new set of truths being defined by AI,” said Jason Schmitt, CEO at Black Duck. “To navigate the changes, technical leaders should carry out rigorous validation on AI assistants. Managers should establish formal AI governance policies and invest in training for emerging technologies. Security professionals should update their threat models to include AI-specific risks and leverage SBOMs as a strategic asset for risk management to achieve true scale application security.”
As the embedded software industry continues to evolve, organizations that adapt to these new realities will be better positioned to innovate securely and maintain a competitive edge in the market.