Snyk Report shows 88% of CISOs are concerned with current state of U.S. cyber readiness

Snyk Team
May 22, 2025
Having recently reached the 100 day mark of the new administration in the U.S., Snyk thought it important to check in with some of the nation’s CISOs to gauge how they were feeling about the cybersecurity posture of both the nation and their own organizations. In partnership with Researchscape, we surveyed a total of 101 U.S.-based CISOs working in Information Security and/or Information Technology who responded to the online survey from April 7 - 21, 2025.
Our findings revealed that 88% of CISOs surveyed expressed concern over the current state of U.S. cyber readiness, with many specifically pointing to AI as a strong impetus for this unease.
According to our research:
Almost ALL (96%) worry about AI-generated code introducing hidden vulnerabilities.
A vast majority (85%) noted the rollback of prior executive orders had changed their AI risk posture.
Nearly three-fourths (70%) have faced an AI-related attack in 2025 alone.
Despite CISOs’ apprehension about the way AI can negatively affect cybersecurity, most of the respondents remained confident about their ability to maintain a sufficient security posture for their own organizations. According to the data, almost all (94%) of CISOs shared that they hold confidence in their organization’s ability to stay secure and regulatory compliant for the next few years, based on what they’ve seen in the first 100 days. In addition, 90% of CISOs are in agreement that the new administration’s cybersecurity policies will make their organization more secure.
A Closer Look at our Research Findings:
A deeper dive into the data shows that CISOs are keeping their eye on many factors concerning the current administration and how it is handling potential new AI-related legislation and regulations. The respondents also expressed multiple opinions on how AI-generated code can supercharge productivity, but at the same time, present complications and vulnerabilities that put organizations at risk.
AI-related regulations
The nation’s cybersecurity regulations and their relationship to AI elicited opinions on both ends of the spectrum for CISOs. For example, 31% of respondents feel AI threats are outpacing regulatory action. On the other hand, 32% believe that policies are keeping pace with AI advancements. In addition, regardless of which side CISOs are on, they understand that, during the next four years, their organizations must also take their own actions to mitigate the cybersecurity pitfalls AI solutions present. Among the defensive actions suggested by CISOs were:
Generative AI security defense systems (16%)
Continuous security validation and breach testing (15%)
Real-time vulnerability management platforms (14%)
DevSecOps fully integrated with AI development (12%)
Security built into software supply chains by design (12%)
The positives and negatives of AI-generated code
There is little to no debate that AI-generated code is the wave of the future, propelling innovation and greatly contributing to developer productivity. In fact, 87% of CISOs stated that AI is saving developers a “significant” or “moderate” amount of time in the initial development process.
However, 96% of CISOs expressed concern about the potential AI-generated code has to introduce hidden vulnerabilities into their software. CISOs cited multiple factors that could be contributing to this sentiment, including:
The rapid evolution of AI is outpacing security controls as the biggest AI security challenge in software development today (23%)
Developer teams are not skilled enough to implement AI effectively and securely (22%)
Lack of clear security standards for AI-generated software (22%)
CISOs have attempted to mitigate some of these risks with vulnerability identifiers (43%), but 41% say they also introduce security risks to their organization.
The CISO Report and RSA:
Snyk was able to use these findings as a source of truth to drive the conversation at our recent panel at RSA Conference 2025, “The First 100 Days: How AI, Policy & Cybersecurity Collide Under the New Administration.”
CEO Peter McKay was joined by cybersecurity giants — former CISA director Jen Easterly, former cybersecurity reporter and investor Nicole Perlroth, and Proofpoint CEO Sumit Dhawan — for a discussion moderated by Axios’ Sam Sabin on the outlook for today's CISOs.
Each expert shared valuable insights on topics such as our continued learnings from the Log4j vulnerability (and Snyk’s role in addressing it), how the new administration is shaping digital security policy, and how the US must prepare for threats from nation-states. Snyk continues to strongly believe that security and developer teams must begin by securing open source platforms together, as almost every developer worldwide routinely leverages this code.
The panel, along with the survey findings, is a great reminder of why Snyk continues to drive new innovation in the AI Era. We want global organizations to gain all of the benefits of AI-generated code while mitigating the potential vulnerabilities that may come with it. It’s why we’ve made significant steps in reimagining DAST, are actively lending our resources to the open source community, and are taking steps to create industry standards as a member of the Coalition for Secure AI (CoSAI).
Want to learn more about how Snyk is supporting CISOs in the AI Era? Join us for our virtual Snyk Launch on May 28th at 10am ET. You can register here to tune in.