AI-Driven Changes in Supply Chain Transparency: Enhancing Embedded Software Security Dynamics

AI and Supply Chain Transparency Reshape Embedded Software Security Landscape

A groundbreaking report from NIST's Cybersecurity Framework reveals a dramatic transformation in embedded software development, with AI adoption reaching unprecedented levels while governance struggles to keep pace. According to the State of Embedded Software Quality and Safety 2025 report, 89.3% of organizations now utilize AI-powered coding assistants, while 96.1% integrate open-source AI models into their products.

AI Adoption Outpaces Security Controls

The widespread embrace of AI technology brings significant challenges. More than one-fifth of organizations lack confidence in implementing essential cybersecurity measures for AI systems, while 18% report instances of "Shadow AI" – unauthorized use of AI tools by developers that creates unmanaged risk vectors.

"The old software world is gone, giving way to a new set of truths being defined by AI," warns Black Duck CEO Jason Schmitt. He emphasizes the need for rigorous validation of AI assistants and formal governance policies.

SBOMs Emerge as Strategic Security Asset

Small business cybersecurity implementation has evolved significantly, particularly in SBOM adoption. The report indicates that 70.8% of organizations now produce SBOMs, with customer demands (39.4%) surpassing regulatory pressure (31.5%) as the primary driver.

Helen Oakley, Director at SAP, notes that AI coding assistants require strict boundaries and oversight to prevent accelerated error propagation.

Leadership-Developer Disconnect Raises Concerns

A concerning gap exists between executive perception and ground-level reality. While 86% of CTOs and directors rated their projects as successful, only 56% of hands-on developers shared this optimism. This disconnect could delay crucial investments in security infrastructure.

Organizations must implement comprehensive security risk assessment protocols to manage emerging threats effectively. Regular security audits, enhanced developer training programs, and improved communication channels between leadership and development teams have become essential components of modern software security strategies.

The evolution of embedded software security demands adaptive approaches through robust AI governance, strategic SBOM implementation, and improved leadership-practitioner alignment. Organizations embracing these changes will be better positioned to navigate this transformative landscape securely.
