Artificial intelligence has fully entered software development teams, but not always with the necessary controls. The ability to generate code is advancing much faster than organizations' ability to review it, validate it, and understand its real impact on applications that, in many cases, are critical to the business.

According to a recent report from Salt Security, 67% of organizations already widely use AI code assistants in their development teams, although 38% still rely primarily on manual reviews to validate that code. At the same time, nine out of ten security managers acknowledge being concerned about the risks associated with software generated with artificial intelligence.

Other studies point in the same direction. The State of Code Developer Survey 2026 report, from Sonar, indicates that 42% of the code contributed by developers is already generated or assisted by AI. However, although 96% of professionals do not fully trust that this code is functionally correct, only 48% say they always review it before integrating it.

Difficulties for security teams

Likewise, the State of AI Risk Management 2026 study, by ArmorCode, finds that 90% of organizations claim to have full visibility of their AI footprint, but at the same time 59% recognize that there is ungoverned shadow AI within the organization. Additionally, 70% report confirmed or suspected vulnerabilities introduced by AI-generated code, and 73% admit that the pace of AI-accelerated development is making it difficult for security teams to keep up.

For the Spanish technology consultancy h&k, these data show that the main challenge is no longer accessing artificial intelligence tools, but applying them with a work model capable of providing control, traceability and security in real business environments. “The market has gone very quickly from wondering if AI could help develop software to incorporating it into the day-to-day life of teams. But using AI is not the same as governing it. The challenge is not to generate more code in less time, but to know what is being changed, why it is being changed and what impact that change has on the system as a whole,” says Javier Tejada, co-president and head of technology at h&k.

This issue is especially critical in established business applications, where the software does not start from scratch. Many organizations work on legacy systems, with years of evolution, millions of lines of code, poorly documented business rules and a strong dependence on the knowledge accumulated by the people who have participated in each project.

Therefore, h&k warns that applying AI to unstructured development processes can increase risk rather than reduce it. Without clear specifications, traceability and continuous validation, artificial intelligence can accelerate tasks, but it can also amplify errors, generate changes that are difficult to audit, or introduce vulnerabilities in critical systems.

New AI-assisted solution

Given this scenario, the technology consulting firm h&k has created a new AI-assisted development solution aimed at helping organizations evolve their applications with greater predictability. The approach is based on moving from an improvised use of AI, focused on isolated prompts, to a model supported by specification, structured knowledge of the system and continuous validation throughout the process.

The proposal can be applied to the maintenance and evolution of applications, the modernization of legacy systems, or the development of new solutions. It is not intended to replace software engineering practices, but to reinforce them so that AI operates within a framework that is more controlled, auditable and aligned with business needs.

“One of the big current problems is to think that it is enough to give more context to a model so that it understands a system better. In complex applications, more information does not always mean better understanding. The important thing is to organize the knowledge, clearly define what you want to change and be able to trace each decision from the business need to the code,” explains Tejada.

In this sense, the company argues that AI applied to software development must move towards models that are more deterministic and less dependent on experimentation. This means knowing how to limit the scope of each change, identify its dependencies, validate its impact and maintain a clear relationship between functional requirements, technical decisions and the final result.

For h&k, this evolution will be key in the coming years, especially in companies that need to modernize critical applications without taking unnecessary risks. The pressure to deliver faster will continue to grow, but speed will only create value if it is accompanied by control, security and auditability.