The Rise of the AppSec Leader: Survey Findings

Blog April 28, 2025
Jeremy Benensohn - Senior Brand & Content Manager, ArmorCode
Jeremy Benensohn
Research from ArmorCode and the Purple Book Community: Rise of the AppSec Leader

As part of The Purple Book Community’s PBC Connect event at RSA Conference 2025, new research conducted in partnership with ArmorCode was showcased which illuminates the growing strategic importance of AppSec leaders amid rapid shifts in software development and threats. The Rise of the AppSec Leader survey, polling CISOs and other security leaders, uncovered concerns around the increasing threat of AI-generated code, the importance of AppSec leaders improving collaboration with developers, and the technologies increasingly vital to reducing risk across the enterprise.

Challenges and opportunities facing today’s AppSec leaders were discussed at PBC Connect, as outlined by the following key findings:

Rise of AppSec Leaders

  1. Application security leadership is gaining importance
    • 84% of respondents said the role of the AppSec leader is more important now than it was 2-3 years ago.
  2. Organizations are investing in AppSec talent
    • 64% of organizations reported growing their AppSec teams (slightly or significantly), showing greater prioritization for securing applications against increasing attacks.
  3. AppSec leaders value community
    • 72% said that participating in a peer community is essential or very important for their success as a security leader.

AI Risks, Opportunities, and Use in AppSec

  1. AI risk remains top of mind
    • Among respondents who experienced issues with AI tools, 92% cited insecure code, and 83% pointed to a lack of transparency as their top concerns.
    • Despite these concerns, 76% said their organizations have yet encountered a security issue from the use of AI or machine learning in applications.
  2. Open-source AI tools are under scrutiny
    • 59% of respondents believe open-source AI models are safer, while 41% feel the same way about closed source AI models. 
    • However, 76% say recent incidents, such as DeepSeek’s database exposure, phishing and prompt injections, will prevent their company from using it in the future.
  3. AI is reshaping the AppSec function
    • 86% of respondents are already using or actively exploring generative AI tools in their AppSec programs. 
    • 65% believe AI will significantly reshape the AppSec function within the next year.

Top Threats and Pain Points

  1. A wide variety of top AppSec threats and concerns
    • 84% said that supply chain vulnerabilities were the most significant threat to their enterprise applications. 
    • 73% said open-source vulnerabilities.  
    • 73% said misconfigurations or cloud security gaps. 
    • 63% said compromised credentials, identity access. 
    • 57% said zero-day exploits. 
    • 55% said GenAI- based threats. 
    • 51% said lack of application security posture visibility. 
  2. The volume of vulnerabilities and false positives is the biggest challenge for managing code security
    • 78% said managing volume of vulnerabilities and false positives.
    • 71% said speed of software development over security.
    • 65% said visibility across all applications and AppSec tools.  
    • 51% said managing open-source software vulnerabilities.
    • 49% said difficulty with integrating DevSecOps.
    • 47% said lack of skilled application security personnel.
    • 37% said lack of generative AI oversight for development.

AppSec Investment and Measurement

  1. ASPM noted as a top area for 2025 investment
    • 76% noted that application security posture management (ASPM) is their top investment priority for 2025. 
    • 61% said vulnerability management and 59% noted application security testing as their next two top investment priorities. 
  2. Security teams are focused on measurable impact
    • 84% of respondents track vulnerability reduction as a primary success metric. 
    • 75% noted the coverage of mission critical applications or services.
    • 75% said the adoption of security tools and processes by development teams. 

DevSecOps Integration Improves

  1. Developer collaboration is stronger than ever:
    • 76% of AppSec professionals described their relationship with development teams as positive or highly collaborative. 
    • Nearly 80% meet with development teams weekly or more often (e.g., having daily collaboration and joint efforts).
    • Yet, friction still exists when trying to get developers to adopt AppSec feedback and suggestions (63% reported moderate or significant resistance).

For more insights from the Rise of the AppSec Leader research and panel discussions at PBC Connect, follow ArmorCode and The Purple Book Community on LinkedIn and stay tuned for videos from the floor of PBC’s premier event for security leaders at RSAC 2025.

Share on LinkedIn Share on X Share on Reddit

Related resources

Blog

3 Reasons ASPM is Transformational: Our Takeaways from the Gartner® Hype Cycle™ for Application Security, 2024
Blog

5 Tips for Evaluating & Implementing an ASPM Solution
Customer Story

How Shutterfly Unified Visibility and Reduced Risk with the ArmorCode ASPM Platform

Seeing Is Believing

Schedule a demo or take a tour today.

Get started