From Blind Spots to Active Defense: Securing the AI-Generated Code
Observability
Kashyap Merchant
Key takeaways
- AI is helping teams write software faster, but it is also creating more security flaws, giving attackers new opportunities to exploit vulnerable code.
- Splunk Secure Application adds security to existing observability tools, helping teams spot risky software components, prioritize real threats, and monitor attacks in real time.
- By connecting application and security teams with shared data and automated protection, organizations can respond faster and keep critical services safer without slowing innovation.
The software development lifecycle is undergoing a radical transformation. In 2025, 41% of all code written globally is AI-generated and projected to exceed 50% by 2027[1]. Application teams are shipping features at unprecedented speeds, but this velocity has triggered a massive surge in technical and security debt.
The adoption of AI coding agents has led to a 10x increase in new security findings over just a six-month period, introducing up to 2.74x more security defects compared to human-written code. Extensive testing reveals that 45% of AI-generated code samples contain known vulnerabilities when no explicit security guidance is provided. As a direct result, the industry has experienced a 36% year-over-year spike in high-risk vulnerabilities, pushing the proportion of organizations harboring security debt to 82%[2].
While application teams are dealing with this mountain of vulnerable code, the window to fix it is vanishing. Over the last six years, the time-to-exploit has decreased drastically—from an average of two months down to -1 days (zero-days). Attackers are moving faster than ever, and the situation is about to escalate.
With the recent announcements surrounding Anthropic’s Mythos model and Project Glasswing, we are entering an era where attackers will weaponize advanced reasoning models. These upcoming launches will allow threat actors to deploy autonomous AI agents to probe applications, find AI-generated exploits, and execute attacks at machine speed and minimal cost.
In our previous post, Stop Chasing Ghosts: Prioritize Real Risks in the AI Era, we discussed how engineering teams can cut through the noise of static security scans by leveraging runtime visibility to prioritize vulnerabilities. But when AI attackers are actively combing through your runtime environment at machine speed, passive prioritization is no longer enough. You need an active defense.
Security Built on Your Existing Observability Solution
Splunk Observability Cloud is already a leader in Application Performance Monitoring (APM), trusted by teams to unify application, infrastructure, and digital experience monitoring in one place. You rely on it to detect and investigate issues using all your metric, trace, and log data—with zero sampling and AI-assisted troubleshooting.
Secure Application builds directly on these core strengths. It collects additional security-specific events alongside your existing telemetry, enriching the massive stream of full-fidelity data you are already collecting. By analyzing the traces that tell you why an application is slow, you can now map open-source risk directly to your business impact, telling you if and where you are vulnerable. This convergence makes your observability platform stronger, turning operational data into security intelligence.
We are building on our foundational capabilities to deliver a truly active defense mechanism for observability teams. These core pillars include:
- Minimal-Friction Deployment via OpenTelemetry: Application teams cannot afford to be slowed down by heavy, proprietary security agents. Secure Application leverages your existing Splunk Distribution of OpenTelemetry. If you are monitoring your application with Splunk APM, turning on security is simply a configuration update—delivering immediate runtime visibility with near-zero friction.
- Simplified 3rd-Party Library Discovery: We provide dynamic, real-time SBOM-like capabilities with a continuous inventory of 3rd-party libraries that surfaces nested and "shadow" dependencies actively loaded in memory, eliminating the blind spots left by static scanners. Alongside this visibility, we continuously provide remediation guidance with recommended upgrade versions. Crucially, we also offer AI-based guidance to evaluate these upgrades, helping you navigate complex dependency trees to ensure you fix vulnerabilities without introducing breaking changes to your application.
- Data-Driven Prioritization with Cisco Vulnerability Management (CVM): We cut through SLA fatigue by replacing theoretical CVSS scores with AI-based predictive risk scoring, powered by active exploit intelligence and dark web chatter to identify the vulnerabilities most likely to be weaponized.
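As an added example (not Splunk's code), the following Python shows the difference the library-discovery bullet above draws between a static dependency scan and a runtime inventory: it lists the distributions actually imported into the running process, then compares a declared manifest against what was observed to surface "shadow" dependencies, version drift and unused declarations. The manifest and the runtime inventory used in the comparison are constructed values for illustration.

```python
"""Runtime third-party library inventory versus a static manifest.

Added example, not Splunk Secure Application code. A static scanner reads
what a manifest declares; a runtime inventory reports what is live in memory.
"""
import sys
from importlib import metadata


def loaded_distributions():
    """Map each third-party distribution currently imported into this
    process to its installed version, using what is live in sys.modules.
    (Requires Python 3.10+ for importlib.metadata.packages_distributions.)"""
    pkg_map = getattr(metadata, "packages_distributions", lambda: {})()
    top_levels = {name.split(".")[0] for name in sys.modules}
    found = {}
    for module in top_levels:
        for dist in pkg_map.get(module, []):
            try:
                found[dist] = metadata.version(dist)
            except metadata.PackageNotFoundError:
                continue
    return found


def _normalize(name):
    # PEP 503-style normalization so "Flask" and "flask" compare equal.
    return name.lower().replace("_", "-")


def classify(declared, loaded):
    """Compare a static manifest with a runtime inventory.

    declared: {dist_name: pinned_version} as a requirements file would list it
    loaded:   {dist_name: version} observed in the running process
    Returns (shadow, drift, unused):
      shadow - loaded but never declared (transitive "shadow" dependencies)
      drift  - declared and loaded, but at a different version than pinned
      unused - declared but never loaded (noise in a static-only scan)
    """
    declared = {_normalize(k): v for k, v in declared.items()}
    loaded = {_normalize(k): v for k, v in loaded.items()}
    shadow = {d: v for d, v in loaded.items() if d not in declared}
    drift = {d: (declared[d], v) for d, v in loaded.items()
             if d in declared and declared[d] != v}
    unused = {d: v for d, v in declared.items() if d not in loaded}
    return shadow, drift, unused


# Constructed sample data: a manifest as the static scanner sees it, and an
# inventory as a runtime sensor would observe it in memory.
DECLARED = {"requests": "2.31.0", "Flask": "3.0.0"}
RUNTIME = {"requests": "2.28.0", "urllib3": "1.26.5", "werkzeug": "3.0.1"}

if __name__ == "__main__":
    shadow, drift, unused = classify(DECLARED, RUNTIME)
    print("shadow dependencies:", shadow)
    print("version drift:", drift)
    print("declared but not loaded:", unused)
    print("live in this interpreter:", loaded_distributions())
```

The three buckets map to three different actions: shadow dependencies need a CVE lookup even though no scanner flagged them, drift means the pinned fix never reached production, and unused declarations can be deprioritized because no vulnerable code path is reachable at runtime.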
The Next Evolution: Active Threat Detection and Blocking
To combat the automated exploits of the AI era, we are thrilled to announce the updated launch of Secure Application (Threats) in Splunk Observability Cloud.
Here is how the newly enhanced Secure Application protects your AI-driven workloads:
1. Real-Time Attack Detection and Policy-Driven Blocking
When an AI-driven botnet attempts to exploit a vulnerability in your production environment, you don't have time to wait for a Jira ticket to be resolved. Secure Application actively monitors your application's execution flow in real time to detect live exploitation attempts.
Crucially, it does not just block blindly and risk breaking your application. It provides a flexible policy management framework that allows SREs and security teams to configure precise rules across all services and environments. You can set policies to monitor or actively block specific attack types—such as Command Execution, Log4j, SQL Injection, or unauthorized network access.
Figure 1: Detect runtime attacks with application and risk context using existing OpenTelemetry agents.
When an attack is detected, Secure Application arms your team with deep context to investigate instantly, including:
- Attacked host, environment, and service
- Impacted business context
- Client IP and HTTP method
- The specific event and trigger
- The full code-level stacktrace
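The monitor-or-block policy framework described above, together with the investigation context listed in the bullets, as an added example in Python (not Splunk Secure Application code): a per-service, per-environment policy decides whether a detected attack type is only recorded or actively blocked, and every detection produces an event carrying host, environment, service, client IP, HTTP method, trigger and stack trace. The signatures, services, hosts, client addresses and policies are all constructed for illustration.

```python
"""Policy-driven runtime attack handling: monitor versus block per service.

Added example, not Splunk Secure Application code. All requests, hosts and
policies below are constructed for illustration.
"""
import re
import traceback
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Illustrative signatures for the attack types named in the text. Deliberately
# minimal: a real runtime sensor watches execution (e.g. the SQL actually handed
# to the driver), not just request parameters.
SIGNATURES = {
    "sql_injection": re.compile(r"(?i)('\s*or\s*'?\d+'?\s*=\s*'?\d+|\bunion\s+select\b)"),
    "command_execution": re.compile(r"(;|&&|\|\||\$\(|`)\s*(cat|ls|wget|curl|sh|bash|nc)\b"),
    "log4j": re.compile(r"\$\{jndi:", re.IGNORECASE),
}


@dataclass(frozen=True)
class Policy:
    attack_type: str
    action: str                # "monitor" or "block"
    environment: str = "*"     # "*" matches any environment
    service: str = "*"         # "*" matches any service


@dataclass
class AttackEvent:
    attack_type: str
    action: str
    host: str
    environment: str
    service: str
    client_ip: str
    http_method: str
    trigger: str       # the parameter and value that matched
    stacktrace: str    # code-level stack at the point of detection
    detected_at: str


def resolve_action(policies, attack_type, environment, service):
    """Most specific matching policy wins (service > environment > global).
    With no matching policy the default is to monitor, never to block."""
    best, best_score = None, -1
    for p in policies:
        if p.attack_type != attack_type:
            continue
        if p.environment not in ("*", environment) or p.service not in ("*", service):
            continue
        score = (p.environment != "*") + 2 * (p.service != "*")
        if score > best_score:
            best, best_score = p, score
    return best.action if best else "monitor"


def inspect_request(request, ctx, policies):
    """Return (allowed, event); event is None when no signature matched."""
    for name, value in request["params"].items():
        for attack_type, pattern in SIGNATURES.items():
            if pattern.search(str(value)):
                action = resolve_action(policies, attack_type,
                                        ctx["environment"], ctx["service"])
                event = AttackEvent(
                    attack_type=attack_type,
                    action=action,
                    host=ctx["host"],
                    environment=ctx["environment"],
                    service=ctx["service"],
                    client_ip=request["client_ip"],
                    http_method=request["method"],
                    trigger=f"{name}={value!r}",
                    stacktrace="".join(traceback.format_stack(limit=4)),
                    detected_at=datetime.now(timezone.utc).isoformat(),
                )
                return action != "block", event
    return True, None


# Constructed policies: monitor SQL injection everywhere except the production
# payments service, where it is blocked; always block command execution and Log4j.
POLICIES = [
    Policy("sql_injection", "monitor"),
    Policy("sql_injection", "block", environment="prod", service="payments"),
    Policy("command_execution", "block"),
    Policy("log4j", "block"),
]

PAYMENTS = {"host": "pay-01.example.internal", "environment": "prod", "service": "payments"}
REPORTS = {"host": "rpt-01.example.internal", "environment": "prod", "service": "internal-reports"}

SQLI_REQUEST = {"method": "GET", "client_ip": "203.0.113.7", "params": {"id": "1' OR '1'='1"}}
BENIGN_REQUEST = {"method": "GET", "client_ip": "198.51.100.2", "params": {"id": "42"}}

if __name__ == "__main__":
    for ctx in (PAYMENTS, REPORTS):
        allowed, event = inspect_request(SQLI_REQUEST, ctx, POLICIES)
        print(ctx["service"], "allowed" if allowed else "BLOCKED", asdict(event)["action"])
```

The same request produces a block on the payments service and only an event on the internal reporting service, which is the business-context distinction the next section makes; the event is what a SOC would receive, with the client IP and method for correlation and the stack trace for the engineer who owns the code.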
Figure 2: Runtime attack details including application and business context.
2. Business Context Mapping
Not all vulnerabilities or attacks carry the same business risk. Because Secure Application is native to Splunk Observability Cloud, it automatically maps both active threats and vulnerable libraries directly to your application topology and user journeys.
For example, a vulnerability or active injection attempt on a rarely used, internal backend tool requires a vastly different response than an attack hitting your primary "Payment Processing" checkout flow. SREs can instantly see the business impact of an incident, ensuring that revenue-generating services are prioritized for immediate remediation or active blocking, while lower-priority issues are scheduled appropriately.
Figure 3: Prioritize runtime vulnerabilities and attacks based on risk of exploitation to enhance SLA compliance.
3. Unifying Application and Security Teams via Splunk Integrations
The AI arms race requires unprecedented collaboration between Engineering and Security. Siloed tools create blind spots and slow down incident response. With this launch, Secure Application seamlessly integrates with Splunk Cloud and Splunk Enterprise Security (ES).
- Shared Intelligence: High-fidelity alerts regarding blocked attacks and exploited vulnerabilities are routed directly into the Splunk security ecosystem.
- Faster Triage: Security Operations Centers (SOCs) gain immediate, code-level context from the observability pipeline, while SREs get the threat intelligence they need. By bringing Application and Security teams together on a unified data platform, organizations can drastically reduce Mean Time to Respond (MTTR) when facing automated, AI-driven threats.
Figure 4: Application attack detection in Splunk Enterprise Security to proactively mitigate risk; detections powered by data from Secure Application.
Elevating Observability to Active Defense
The speed of AI-generated code has created a massive surface area of security debt, and models like Mythos are giving attackers the tools to exploit it at scale. As the time-to-exploit shrinks from months to zero-days, you cannot fight automated, machine-speed attacks with manual, siloed workflows. By combining the minimal-friction deployment of OpenTelemetry with flexible attack blocking, business context mapping, and seamless Splunk Security integrations, Secure Application transforms your observability pipeline into your strongest line of defense. It empowers SREs and application teams to maintain development velocity without sacrificing production reliability.
Ready to Actively Defend Your Runtime?
- Start a Trial: Experience the power of active threat detection and blocking on Splunk Observability Cloud.
- Contact Sales: Reach out to your Splunk or Cisco account representative to learn how to activate Secure Application Threat Detection on your existing OTel agents today.
Resources
- How to Detect Runtime Vulnerabilities in Splunk Observability Cloud with Secure Application
- Splunk Observability Cloud Application Security documentation