Black Duck's new State of AI-Powered Software Development report, written up from an independent UserEvidence survey of 831 enterprise software engineers and DevOps professionals at organizations with 500+ employees, finds 97% of respondents actively using AI coding assistants. GitHub Copilot leads at 83% of teams, Claude Code at 63%, and most teams run more than one. Ninety-two percent credit the tools with faster releases, and respondents say the assistants hand each developer roughly eight hours back per week. Only about 30% report a fully governed approach to AI coding tools.
The headline number is less interesting than the gap underneath it. Nine in ten teams say they've hit problems with AI-generated code somewhere in their workflow, and 64% say they are moderately or extremely concerned the assistants will introduce security defects. Worry rises with usage — the teams leaning hardest on the tools are also the ones most uneasy about them. That pattern lines up with a familiar trajectory: productivity gains show up first, downstream costs (review time, vulnerability cleanup, IP audits) show up months later.
This survey is a clean snapshot of where AI coding sits in 2026: ubiquitous, productive, lightly governed. It also explains why the rest of this week's news clusters where it does — OpenAI buying Ona to run Codex agents unattended, GitHub putting background agents in front of every repo, Anthropic shipping cloud sandboxes for Claude Code. The race isn't to add the tool anymore. It's to make the tool safe enough to leave running.
Takeaway for learners: "my team uses AI" is no longer a differentiator on a resume — the survey says everyone's team uses AI. What is becoming differentiating is the discipline around it: writing evals before you ship a prompt, code-reviewing AI output as carefully as junior-engineer output, and being able to explain to a security lead how you'd catch a regression an assistant introduced. The governance gap in the data is also the skill gap to fill.