
The Rise of the AppSec Leader: New Research Highlights Growing Importance Amid AI and Supply Chain Threats
In a rapidly evolving digital landscape, the role of the Application Security (AppSec) leader has never been more critical. According to new research released by ArmorCode, a leading Application Security Posture Management (ASPM) platform, in partnership with the Purple Book Community (PBC), 84% of security leaders recognize the AppSec leader’s role as increasingly vital as organizations grapple with challenges like AI-generated code, open-source vulnerabilities, and supply chain threats. The report, titled “The Rise of the AppSec Leader,” underscores the growing need for stronger governance, deeper collaboration between development and security teams, and strategic investments in tools like ASPM to address rising application security risks.
AI-Generated Code: A Double-Edged Sword
As organizations embrace generative AI to accelerate software development, the research reveals that 86% of respondents are already using or exploring AI tools in their security programs. However, this rapid adoption comes with significant concerns:
- 92% reported encountering insecure code generated by AI.
- 83% cited a lack of transparency in AI-generated outputs as a major issue.
These findings highlight the dual nature of AI: while it boosts productivity, it also introduces new vulnerabilities that must be addressed. With 65% of respondents believing AI will significantly reshape the AppSec function within the next year, the AppSec leader’s role becomes indispensable in guiding secure AI use and mitigating emerging risks.
Karthik Swarnam, Chief Security and Trust Officer at ArmorCode and a member of the Purple Book Community, emphasized this shift:
“Applications are now central to how businesses operate and compete. But as development accelerates with AI-generated code, we need stronger governance, deeper collaboration, and leaders who understand both software risk and velocity. That’s where the AppSec leader comes in and why more than 84% of survey respondents believe their role is more important now than ever.”
ASPM Emerges as a Strategic Priority
The research identifies Application Security Posture Management (ASPM) as a top investment focus for 2025, with 76% of respondents naming it their top priority. As organizations adopt cloud-native development and manage complex environments with multiple security tools, ASPM provides a unified governance layer to assess and mitigate risks across applications, infrastructure, and code.
Key insights include:
- 64% of organizations are expanding their AppSec teams to address growing threats.
- 84% agree that the AppSec leader’s role is now more crucial than ever due to increasing complexity and threats.
Mayank Joshi, Head of Cloud Security and GRC at NetApp, highlighted the importance of visibility in modern software development:
“With so many moving parts in modern software development, exacerbated by the fast adoption of AI-generated code, ASPM gives us the clarity we need to prioritize what matters most and connect all the dots.”
Supply Chain Vulnerabilities Dominate Concerns
The report identifies supply chain vulnerabilities as the most significant threat to enterprise applications, with 84% of respondents citing them as a top concern. Other notable threats include:
- Open-source risks (73%).
- Cloud misconfigurations (73%).
Additionally, 78% of respondents identified managing the sheer volume of vulnerabilities and false positives as a major challenge, while 71% expressed concerns about the speed of software development outpacing security priorities.
Mithun Rajoor, Head of Application and Infrastructure Security at S&P Global, explained the importance of ASPM in addressing these risks:
“Software supply chain threats have emerged as one of the most significant risks in enterprise application security. ASPM enables us to comprehensively assess and mitigate these risks across both internal and third-party components, spanning applications, infrastructure, and code.”
Challenges in DevSecOps Collaboration
Despite increased collaboration between development and security teams under the DevSecOps model, 63% of respondents still report moderate or significant friction in getting developers to adopt security feedback. This disconnect underscores the need for tools and strategies that bridge the gap between these teams while maintaining development velocity.
Jagadish Namboodiri, Director of Global Product Cybersecurity Operations at Wabtec, emphasized the importance of embedding cybersecurity into the product lifecycle:
“With the rapid technological transformation in engineering and critical infrastructure—such as connected devices, Industry 4.0, and new regulations like the CRA and SOCI Act—product security is becoming an imperative component of business strategy. It’s about embedding cybersecurity holistically, from the drawing board to the end of life of the product.”
The Future of AppSec Leadership
The research paints a clear picture: as organizations become increasingly digital-first, the AppSec leader plays a pivotal role in protecting enterprise applications, bridging development and security, and guiding secure AI adoption. With 65% of respondents expecting AI to reshape the AppSec function within the next year, and 76% prioritizing ASPM investments, the demand for skilled AppSec leaders will only grow.
The findings were discussed at the Purple Book Community’s PBC Connect Event during RSAC 2025, where industry leaders shared strategies for scaling application security in fast-paced, AI-driven environments. Panel discussions focused on fostering collaboration, leveraging ASPM for comprehensive risk management, and preparing for the future of application security.
Conclusion: A Defining Moment for AppSec
The rise of AI-generated code, open-source vulnerabilities, and supply chain threats has created unprecedented challenges for application security. At the same time, these trends have elevated the importance of the AppSec leader, who must navigate this complex landscape while ensuring business continuity and innovation. By investing in tools like ASPM and fostering collaboration across teams, organizations can strengthen their security posture and prepare for the future.
As Karthik Swarnam aptly summarized:
“This is a defining moment for AppSec. Applications are the backbone of modern business operations, and securing them requires visionary leadership, advanced tools, and a proactive approach to risk management.”



