Black Duck's Latest Research Reveals Shifting Landscape for AI in Embedded Software Security

Black Duck's Insightful Report on AI and Embedded Software



In a rapidly evolving technological environment, Black Duck® Software has released a significant report titled “The State of Embedded Software Quality and Safety 2025.” This document sheds light on the changing dynamics within the embedded software landscape, driven by the increased adoption of artificial intelligence (AI) and improved software supply chain management. Conducted in June 2025, the survey engaged 785 development and security professionals worldwide, offering a comprehensive look at the current state of the embedded software ecosystem across various industries.

Key Findings on AI Adoption and Governance


The findings from Black Duck's report indicate a remarkable trend: nearly 90% of organizations are utilizing AI-powered coding assistants. The enthusiasm for AI is palpable, yet a concerning gap exists regarding governance related to its use. The study found that while a staggering 89.3% of companies employ these AI tools, 21.1% lack the confidence to prevent potential AI-induced security vulnerabilities. This situation emphasizes a crucial need for established security protocols and governance structures as organizations hurtle into this new AI era.

What compounds this risk is the phenomenon dubbed “Shadow AI,” where developers bypass company protocols to utilize AI tools freely. About 18% of companies have reported facing challenges arising from this unregulated usage, underscoring the necessity for tighter management policies.

Shift from Regulation to Commercial Necessity


Another pivotal change highlighted is the evolution of Software Bills of Materials (SBOMs). Initially viewed as a regulatory requirement, SBOMs have now transitioned into commercial essentials for 70.8% of organizations. Companies are increasingly producing these documents primarily due to demands from customers and partners (39.4%), rather than just regulatory compliance (31.5%). This transformation points to a heightened market appreciation for transparency throughout software supply chains.

Reimagining Developer Roles and Skills


The role of embedded developers is undergoing profound changes, particularly concerning programming languages. The report indicates a trend towards adopting memory-safe programming languages, with 80.4% of organizations shifting away from traditional languages like C++. Python’s growing prevalence shows a shifting landscape in the skillsets required for developers, thus reshaping talent acquisition strategies within tech companies.

Disconnect Between Management and Development Perspectives


A notable perception gap is evident between management levels and engineers. Although 86% of CTOs and directors view their projects as successful, only 56% of hands-on developers share this optimistic viewpoint. This discrepancy amplifies potential systemic risks within organizations, revealing a need for better communication and alignment between technical teams and leadership.

Strategic Recommendations Moving Forward


Black Duck CEO Jason Schmitt remarks on the crucial adaptations that organizations must undertake amidst these changes. He emphasizes the importance of rigorous validation processes for AI tools, urging technical leaders to implement formal AI governance policies. There is also a call for investments in training for emerging technologies to ensure that technical professionals can meet the shifting landscape head-on.

Moreover, security professionals are advised to update their threat models to accommodate AI-specific risks and leverage SBOMs as strategic assets in risk management practices. This approach can significantly enhance scalable application security measures across the board.

As the embedded software sector continues to advance, companies that effectively navigate these emerging realities will be best positioned to foster innovation while maintaining security and compliance. To delve deeper into these insights, readers can access the full report, join the upcoming webinar on August 28, and explore further through Black Duck’s extensive blog offerings.

Conclusion


In summary, the future of embedded software security is intricately linked to the evolving role of AI. Organizations must act swiftly to harness AI's full potential while effectively managing associated risks. Those that embrace this new paradigm will not only secure their applications but also drive their business strategies forward with confidence. Black Duck remains a leading force in helping organizations navigate these uncharted waters, ensuring trust and security in the modern software landscape.
