AI-generated code will introduce systemic vulnerabilities into the supply chain
Posted on: January 28th 2026
AI is quickly becoming the developer’s constant companion. From writing entire functions to patching bugs, AI tools promise faster delivery and cheaper development. But speed often comes at a cost.
Many of today’s AI-generated outputs are not built with secure coding practices in mind, and overreliance on these tools is “dumbing down” human developers, reducing the critical eye needed to spot flaws before code is deployed. The result in many cases is poorly vetted, machine-written code entering products and services unchecked. These vulnerabilities don’t just affect a single application; they ripple across the supply chain. Downstream vendors may unknowingly introduce insecure code that becomes embedded in critical systems at banks, hospitals and government agencies. It’s the same dynamic we saw with SolarWinds, only now the risk is amplified by the scale and speed of AI-driven development.
Compounding the problem, attackers are also harnessing AI. While human developers may take weeks or months to detect a weakness, malicious AI systems can analyse massive codebases in hours — spotting exploitable flaws and weaponizing them at a speed that humans cannot match.
In effect, enterprises are not only introducing insecure code, but they’re doing so into an environment where adversaries are better equipped than ever to exploit it. Organizations will need to rethink their approach to software assurance. Vendor due diligence can’t stop at the first tier of suppliers — it must extend into the “fourth-party” risks buried deep in the software bill of materials (SBOM).
Secure-by-design practices, continuous code review and real-time vulnerability scanning will be essential safeguards against an AI-driven flood of insecure software. In 2026, the risk is clear: unchecked AI-generated code won’t just break products — it could compromise entire ecosystems. The supply chain has always been a weak link in cybersecurity, but AI threatens to make it the weakest one yet.
The information provided here is of a general nature and is not intended to address the specific circumstances of any individual or entity. In specific circumstances, the services of a professional should be sought. © 2025 Baker Tilly Advisory Group, LP.