
AI Adoption Surges in Embedded Software, but Governance Trails Behind, Black Duck Warns

The embedded software world is in the middle of a tectonic shift. A new report from Black Duck Software suggests that developers have embraced artificial intelligence at an unprecedented pace—nearly nine in ten companies already use AI coding assistants, and almost every organization is integrating open-source AI models into their products. But while the rush to adopt has been universal, the structures to keep AI safe, secure, and accountable are still catching up.


The “State of Embedded Software Quality and Safety 2025” report, which surveyed 785 development and security professionals globally, paints a picture of an industry racing ahead with innovation while leaving behind critical guardrails. More than one in five organizations admit they lack confidence in their ability to prevent AI from introducing new vulnerabilities. Meanwhile, “Shadow AI”—unauthorized or unsanctioned AI use by developers—is already present in nearly a fifth of companies, compounding unmanaged risks.


“The old software world is gone, giving way to a new set of truths being defined by AI,” said Jason Schmitt, CEO at Black Duck. “To navigate the changes, technical leaders should carry out rigorous validation on AI assistants. Managers should establish formal AI governance policies and invest in training for emerging technologies. Security professionals should update their threat models to include AI-specific risks and leverage SBOMs as a strategic asset for risk management to achieve true scale application security.”


SBOMs Become Market-Driven, Not Just Regulatory


One of the standout findings of the report is the shifting role of Software Bills of Materials (SBOMs). Once considered a compliance checkbox, SBOMs have rapidly evolved into a customer-driven necessity. Roughly 71% of organizations now generate SBOMs, with the majority citing client and partner expectations as the top driver, ahead of regulatory mandates. This signals that software transparency has become a market differentiator, not just a legal requirement.


Memory-Safe Languages Rewrite the Job Description


The study also underscores how the role of embedded developers is changing. A sweeping move toward memory-safe languages—already adopted by more than 80% of surveyed companies—has upended traditional coding skillsets. Python, in particular, is overtaking C++ in some scenarios, reflecting how modern embedded development increasingly overlaps with the languages of data science and automation.


Culture Clash: Leaders vs. Developers


Perhaps the most striking cultural gap revealed in the report is between leadership and practitioners. While 86% of CTOs and directors say their projects are successful, fewer than six in ten hands-on developers agree. This perception divide highlights systemic challenges that could undermine both morale and long-term success if not addressed.


The Road Ahead


Black Duck’s analysis makes clear that embedded software is no longer a niche concern—it’s the backbone of devices, vehicles, and critical infrastructure worldwide. With AI reshaping the way code is written and SBOMs becoming a market standard, companies face a choice: build governance and security into this new reality, or risk falling behind in both safety and competitiveness.


For an industry defined by speed and scale, the challenge now is ensuring that the rush to adopt doesn’t leave cracks in the foundation.
