Automatic fixing of issues found by code scanners

Health services company Optum Inc participated in a 2024 beta test of GitHub’s Copilot Autofix in which developers used Autofix to help them fix issues in new code before it was fed to production. “Since implementing Copilot Autofix, we’ve observed a 60% reduction in the time spent on security-related code reviews and a 25% increase in overall development productivity,” said Kevin Cooper, principal engineer at Optum.

Seeking to improve security scanning during software development, manufacturer Komatsu deployed Snyk Open Source and Snyk Cloud for static application security testing (SAST), giving employees a single place where they could view metrics on code quality, vulnerabilities and vulnerabilities in dependencies. Komatsu primarily measures success based on how quickly it can identify critical and high vulnerabilities and the time to remediate those vulnerabilities. Snyk’s insights during the development process enabled Komatsu to reduce mean time to fix by 62% over the first three months following implementation and to improve its risk posture by 28% over a period of six months, according to a Snyk case study.

IBM’s 2024 Cost of a Data Breach report found AI-powered security and automation are paying off, lowering breach costs in some instances by an average of $2.2 million. “Defenders without AI and automation to assist them can expect to take longer to detect and contain a breach, and see costs rise compared to those who use these solutions,” the report says.

The power of these systems is driving rapid adoption. The market for AI code tools was valued at $6.04 billion in 2024 and is expected to reach $37.34 billion by 2032, growing annually by 25.62% from 2025 to 2032, according to research and consulting firm SNS Insights.