{"id":106231,"date":"2025-12-24T17:06:49","date_gmt":"2025-12-24T15:06:49","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=106231"},"modified":"2025-12-29T20:24:37","modified_gmt":"2025-12-29T18:24:37","slug":"future-of-dast-why-ai-generated-code-demands-a-new-strategy","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/","title":{"rendered":"Future of DAST: Why AI-Generated Code Demands a New Strategy\u00a0"},"content":{"rendered":"

AI is accelerating software development faster than any previous technological shift, embedding itself into the everyday developer workflow. As a result, both development speed and productivity have surged, but security teams are experiencing the opposite: more complexity, less visibility, and growing uncertainty about what code is actually <\/em>running in production. <\/p>\n\n\n\n

This gap exposed that many organizations are still relying heavily on AppSec tools that predate AI-generated code. And they\u2019re quickly discovering, sometimes painfully, that these tools are struggling to make sense of (let alone protect) code created by AI. <\/p>\n\n\n\n

This convergence is driving an unexpected shift in application security: DAST is experiencing a renaissance. <\/p>\n\n\n\n

For years, DAST (Dynamic Application Security Testing) was dismissed as a \u201cnice to have,\u201d useful primarily for checking compliance boxes or just viewed as a pen testing tool. But as AI accelerates code creation and introduces new behaviors and attack surfaces, organizations are rediscovering that DAST is actually a critical pillar of AppSec. Only DAST can provide the broad deployment and meaningful security coverage needed in this new reality; coverage that static tools simply can’t deliver in an AI-driven world. <\/p>\n\n\n\n

This was the central theme of our recent webinar, The Future of DAST: Why AI-Generated Code Demands a New Strategy<\/em><\/a>, hosted by Checkmarx product leaders. Grounded in data from our annual Future of AppSec Report<\/a>, the discussion explored some pressing questions: In a world where AI is reshaping how applications are built, what\u2019s working, what\u2019s broken, and why is DAST suddenly rising from the dead to become a crucial safeguard?<\/strong> <\/p>\n\n\n\n

Meet the Expert Panel <\/h2>\n\n\n\n

To explore these questions, we brought together three Checkmarx leaders uniquely positioned at the intersection of DAST innovation and AI-driven development: <\/p>\n\n\n\n

Simon Bennetts<\/strong>, ZAP Software Engineering Expert, Checkmarx and ZAP project leader and founder.<\/em> <\/p>\n\n\n\n

Frank Emery<\/strong>, Director of Product Management, Checkmarx<\/em> <\/p>\n\n\n\n

Moderated by Avi Hein<\/strong>, Senior Product Marketing Manager at Checkmarx<\/em>, the conversation offered a candid look at the future of application security, and why DAST has become essential in the age of AI. <\/p>\n\n\n\n

The Hidden Reality of AI-Generated Code <\/h2>\n\n\n\n

The webinar opened with a simple poll: What percentage of your organization’s application code is AI-generated?<\/em> The result was revealing, nearly half of respondents answered, \u201cWe don’t know.\u201d <\/p>\n\n\n\n

This sentiment aligns with findings from our Future of AppSec Report<\/em>, which showed that while organizations recognize the risks of AI-generated code, they deploy it anyway. At the same time, however, the report revealed something surprising: DAST adoption is rising sharply. <\/p>\n\n\n\n

\u201c47% said they have DAST in place for 2025, up from 38% last year,\u201d<\/em> Avi <\/strong>noted. \u201cThat’s nearly a 24% increase year over year.\u201d<\/em> <\/p>\n\n\n\n

This growth signals a critical shift: organizations are increasingly recognizing that AI will be present in their code, but they\u2019re also admitting that their traditional security approaches aren\u2019t keeping up. The result? They\u2019re returning to runtime testing engines like DAST to close the gap. <\/p>\n\n\n\n

The DAST Renaissance <\/h2>\n\n\n\n

For the past decade, DAST lived in the margins of AppSec programs. It wasn\u2019t ignored entirely, but it wasn\u2019t central either. Many organizations ran it infrequently, before a major release or to satisfy a compliance requirement. <\/p>\n\n\n\n

Simon <\/strong>described this evolution: \u201cDAST started strong…But then as applications changed, DAST found it harder to explore these applications. Even authentication got really hard.\u201d<\/em> <\/p>\n\n\n\n

As modern frameworks and authentication flows grew more complex, DAST struggled to keep up. Meanwhile, SAST surged in popularity because it was so simple to use. As Simon <\/strong>put it, \u201cSAST was much easier to set up. You point it at your repo, and it can just go from there.\u201d<\/em>  Suddenly, organizations were treating it as a choice: DAST or SAST. <\/p>\n\n\n\n

But the truth is that no single testing method provides complete coverage. <\/p>\n\n\n\n

Simon <\/strong>emphasized: \u201cI’ve never bought into the DAST or SAST thing. It’s much more important to combine these [two engines]. There is no one view of security.\u201d<\/em> <\/p>\n\n\n\n

In the AI era, DAST\u2019s unique strength in being to see what actually happens when an application runs matters more than ever. DAST reveals what\u2019s \u201cgenuinely vulnerable, delivering fewer false positives and a better signal-to-noise ratio than static analysis alone.\u201d<\/em> <\/p>\n\n\n\n

The AI Twist: Code That Looks <\/em>Secure <\/h2>\n\n\n\n

One of the most compelling insights that emerged from the discussion was about AI-generated code. Many developers assume that if AI writes the code, it must be secure.  <\/p>\n\n\n\n

Frank <\/strong>explained why that assumption is dangerous: \u201cPeople have this impression that AI-generated code is secure because the AI knows better. But what we\u2019re finding is AI writes code that looks very secure but still has a lot of gaps.\u201d<\/em> <\/p>\n\n\n\n

And DAST plays a critical role in catching these hidden flaws. <\/p>\n\n\n\n

Frank <\/strong>put it bluntly: \u201cDAST is acting as the police officer, confirming that all of the code that’s being written \u2013 especially by AI \u2013 is actually being written correctly.\u201d With decades of development and maturity behind it, DAST can catch vulnerabilities that other tools miss. <\/p>\n\n\n\n

This is why organizations relying heavily on GitHub Copilot, ChatGPT, and other generative tools are increasingly turning to DAST for protection. <\/p>\n\n\n\n

DAST Adoption Lagged, But It\u2019s Accelerating Now <\/h2>\n\n\n\n

Although DAST has always been powerful, its adoption has historically been slow.  <\/p>\n\n\n\n

Simon <\/strong>summarized the challenge: \u201cDAST\u2026 is not as simple as SAST. You need a running system. You need to be able to authenticate. You need to be able to explore the application…Knowing how to tune [DAST] best for your applications is hard.\u201d <\/p>\n\n\n\n

Frank <\/strong>agreed and added: \u201cYou start to see onboarding and adoption issues when you create a bottleneck around how DAST is used. Historically, you have experts…in charge of getting DAST up and running and that fundamentally restricted how much it could be adopted.\u201d<\/em> <\/p>\n\n\n\n

This complexity meant many organizations limited DAST usage to a handful of specialists, and you had to pick and choose what to test and how to test it. But modern DAST tools are focused on solving some of the usability challenges that more people within an organization can set up DAST. <\/p>\n\n\n\n

As Avi <\/strong>joked: \u201cIf I can set it up, anybody can.\u201d<\/em> <\/p>\n\n\n\n

It\u2019s this new focus on accessibility that is driving much of DAST\u2019s resurgence today. <\/p>\n\n\n\n

Will AI Replace DAST? Not Even Close. <\/h2>\n\n\n\n

A major question during the session was whether agentic security systems might eventually replace DAST. <\/p>\n\n\n\n

Simon\u2019s <\/strong>answer was unequivocal: \u201cI don’t see agentic systems as being a threat to DAST and they won’t replace DAST, but I do see that DAST will feed into agentic systems, and we\u2019ll also get LLMs configuring these systems.\u201d <\/em> He explained that there will be a shift in the marketplace, but DAST remains unmatched and it won\u2019t be going anywhere any time soon. <\/p>\n\n\n\n

Frank <\/strong>echoed this view: \u201cLLMs are not going to get rid of DAST at all. It\u2019s just a more expensive way to solve a problem, but they will get rid of a lot of the manual stuff.\u201d<\/em> He sees LLMs playing a role in helping to configure and scale DAST. It will look different than how people are envisioning it.  <\/p>\n\n\n\n

The consensus was that AI will be leveraged to enhance DAST by automating configuration, improving coverage, and reducing human effort \u2013 while DAST continues to anchor runtime security. <\/p>\n\n\n\n

\"Future<\/figure>\n\n\n\n

Testing AI-Powered Apps <\/h2>\n\n\n\n

As organizations deploy more AI-powered applications, a critical question emerged during the session: How do we test the security of AI-powered AppSec engines? <\/p>\n\n\n\n

Frank <\/strong>admitted that AI introduces the need for entirely new testing requirements that go beyond traditional DAST capabilities: <\/p>\n\n\n\n

\u201cThe end goal [of trying to secure your application and trying to find vulnerabilities] hasn\u2019t changed. But, as new technologies come out, likely the engines you involve and how you orchestrate them together will look a little bit different. And that\u2019s where some of the value of more modern DAST tools is going to come in.\u201d <\/p>\n\n\n\n

But eventually we will need AI solutions that can secure themselves. Frank <\/strong>discussed the broader vision of self-securing applications, which he broke into four essential steps: identifying vulnerabilities, triaging them, fixing them, and verifying the fix. <\/p>\n\n\n\n

\u201cPeople think this idea of a self-securing application is very Star Trek,\u201d <\/em>Frank <\/strong>said. \u201cI’m a huge believer. I think we’re actually a lot closer than people realize.\u201d<\/em> <\/p>\n\n\n\n

DAST already plays a central role in three of these four steps \u2013 it’s the foundation that will ultimately make self-securing applications possible. <\/p>\n\n\n\n

Why Siloed Security Tools Are Failing <\/h2>\n\n\n\n

The session concluded with a discussion about fragmented AppSec stacks \u2013 having separate tools for SAST, SCA, and DAST, with each producing isolated reports with no correlation between findings. <\/p>\n\n\n\n

When asked if this fragmentation is truly as problematic as it sounds, Simon <\/strong>didn’t hesitate: \u201cNo, it is as bad as you’re making it sound. It’s generally horrible.\u201d<\/em> <\/p>\n\n\n\n

Issues fall through the cracks, teams lose visibility, and developers drown in noise. Frank <\/strong>connected this directly to the AI acceleration challenge: \u201cIf you’re generating code ten times faster and your security team isn’t getting ten times faster, then you’re going to have to make difficult decisions, and that’s where risk emerges.\u201d<\/em> <\/p>\n\n\n\n

The solution lies in unified AppSec platforms like Checkmarx One, which consolidate findings across all testing engines, correlate signals to reduce noise, and deliver security feedback directly into developer workflows \u2013 at the speed AI demands. <\/p>\n\n\n\n

What Will 2026 Look Like? <\/h2>\n\n\n\n

Everyone agrees that AI-generated applications will become more standardized, making DAST more effective over time: 
According to Frank<\/strong>, \u201cwith LLM-generated apps, there\u2019s more standardization\u2026 The bulk will coalesce around standard ways of doing things, and that will make our jobs easier.\u201d<\/em> <\/p>\n\n\n\n

He also predicts growing reliance on DAST as the primary method for validating AI-generated code: \u201cPeople are going to rely on DAST progressively more as the way to secure AI-generated code. It\u2019s too easy a solution to the problems we\u2019re seeing for it not to become standardized.\u201d<\/em> <\/p>\n\n\n\n

The Takeaway: DAST Is No Longer Optional <\/h2>\n\n\n\n

Across the entire discussion, the message was unmistakable: DAST has shifted from a compliance checkbox to a mission-critical security control for the AI era.<\/strong> <\/p>\n\n\n\n

As AI accelerates development and introduces new runtime behaviors, only DAST can reveal what is truly exploitable in the live application. Organizations that treat DAST as optional will struggle to keep up with the pace and unpredictability of AI-driven development. <\/p>\n\n\n\n

Those that embrace it and integrate it into unified AppSec workflows will be best positioned to secure the next generation of software. <\/p>\n\n\n\n

Find Out More\u00a0About DAST\u00a0<\/h2>\n\n\n\n

Want to see the future of DAST?  Contact us for a demo<\/a> and a discussion about the future \u2013 and present \u2013 of DAST and why DAST is so critical for the AI era. <\/p>","protected":false},"excerpt":{"rendered":"

AI is accelerating software development faster than any previous technological shift, embedding itself into the everyday developer workflow. As a result, both development speed and productivity have surged, but security teams are experiencing the opposite: more complexity, less visibility, and growing uncertainty about what code is actually running in production.  This gap exposed that many organizations are still relying heavily on AppSec tools that predate AI-generated code. And they\u2019re quickly discovering, sometimes painfully, that these tools are struggling to […]<\/p>\n","protected":false},"author":84,"featured_media":106232,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[85,84,1424,1283,1292,1282],"tags":[1429,87,1470,479],"class_list":["post-106231","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-application-security-trends","category-blog","category-checkmarx-one","category-checkmarx-product-use-cases-guides","category-dast","category-devsecops-integration-automation","tag-ai-generated-code-2","tag-appsec","tag-dast","tag-webinar"],"acf":[],"yoast_head":"\nFuture of DAST: Why AI-Generated Code Demands a New Strategy\u00a0<\/title>\n<meta name=\"description\" content=\"AI-generated code is reshaping AppSec. Learn why DAST is a critical security control and what experts say about its role in the future\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Future of DAST: Why AI-Generated Code Demands a New Strategy\u00a0\" \/>\n<meta property=\"og:description\" content=\"AI-generated code is reshaping AppSec. Learn why DAST is a critical security control and what experts say about its role in the future\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-24T15:06:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-29T18:24:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Avi Hein\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Avi Hein\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/\"},\"author\":{\"name\":\"Avi Hein\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79\"},\"headline\":\"Future of DAST: Why AI-Generated Code Demands a New Strategy\u00a0\",\"datePublished\":\"2025-12-24T15:06:49+00:00\",\"dateModified\":\"2025-12-29T18:24:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/\"},\"wordCount\":2168,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp\",\"keywords\":[\"AI generated code\",\"AppSec\",\"dast\",\"Webinar\"],\"articleSection\":[\"Application Security Trends & Insights\",\"Blog\",\"Checkmarx One\",\"Checkmarx Product News, Use Cases & Guides\",\"DAST\",\"DevSecOps Integration & Automation\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/\",\"name\":\"Future of DAST: Why AI-Generated Code Demands a New Strategy\u00a0\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp\",\"datePublished\":\"2025-12-24T15:06:49+00:00\",\"dateModified\":\"2025-12-29T18:24:37+00:00\",\"description\":\"AI-generated code is reshaping AppSec. Learn why DAST is a critical security control and what experts say about its role in the future\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp\",\"width\":2560,\"height\":1280},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79\",\"name\":\"Avi Hein\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png\",\"caption\":\"Avi Hein\"},\"url\":\"https:\/\/checkmarx.com\/author\/avihein\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Future of DAST: Why AI-Generated Code Demands a New Strategy\u00a0","description":"AI-generated code is reshaping AppSec. Learn why DAST is a critical security control and what experts say about its role in the future","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/","og_locale":"en_US","og_type":"article","og_title":"Future of DAST: Why AI-Generated Code Demands a New Strategy\u00a0","og_description":"AI-generated code is reshaping AppSec. Learn why DAST is a critical security control and what experts say about its role in the future","og_url":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2025-12-24T15:06:49+00:00","article_modified_time":"2025-12-29T18:24:37+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp","type":"image\/webp"}],"author":"Avi Hein","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Avi Hein","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/"},"author":{"name":"Avi Hein","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79"},"headline":"Future of DAST: Why AI-Generated Code Demands a New Strategy\u00a0","datePublished":"2025-12-24T15:06:49+00:00","dateModified":"2025-12-29T18:24:37+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/"},"wordCount":2168,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp","keywords":["AI generated code","AppSec","dast","Webinar"],"articleSection":["Application Security Trends & Insights","Blog","Checkmarx One","Checkmarx Product News, Use Cases & Guides","DAST","DevSecOps Integration & Automation"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/","url":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/","name":"Future of DAST: Why AI-Generated Code Demands a New Strategy\u00a0","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp","datePublished":"2025-12-24T15:06:49+00:00","dateModified":"2025-12-29T18:24:37+00:00","description":"AI-generated code is reshaping AppSec. Learn why DAST is a critical security control and what experts say about its role in the future","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/future-of-dast-why-ai-generated-code-demands-a-new-strategy\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/12\/Blog-Banner-1.webp","width":2560,"height":1280},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79","name":"Avi Hein","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","caption":"Avi Hein"},"url":"https:\/\/checkmarx.com\/author\/avihein\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/106231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/84"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=106231"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/106231\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/106232"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=106231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=106231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=106231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}