AI and Regulations Redefine Application Security Priorities in BSIMM16 Report
Event summary
- BSIMM16, released on February 4, 2026, highlights AI as the dominant force reshaping application security priorities for the first time in the model's 16-year history.
- The study, based on 111 organizations and 91,200 applications, shows a 30% increase in SBOM adoption due to regulatory pressures.
- AI-driven shifts include a 10% rise in attack intelligence tracking, a 12% increase in risk-ranking for LLM-generated code, and 10% more custom rules for automated code reviews.
- Traditional security training is being replaced by just-in-time, bite-sized learning, with a 29% increase in open collaboration channels for security guidance.
The big picture
The BSIMM16 report underscores a pivotal shift in application security driven by AI's pervasive influence and tightening regulatory frameworks. As organizations grapple with AI-generated code risks and supply chain transparency demands, the industry is witnessing a maturation of security practices, with SBOMs becoming foundational for risk management. This evolution reflects broader trends in governance and operational agility in the tech sector.
What we're watching
- AI Security Risks
  - How organizations will adapt to the illusion of correctness in AI-generated code and the need for specialized security measures.
- Regulatory Compliance
  - Whether the surge in SBOM adoption will sustain momentum as regulatory mandates expand globally.
- Training Evolution
  - The pace at which traditional security training rebounds and integrates with modern development workflows.