Embedded software races ahead with AI – but security is falling behind 

The latest State of Embedded Software Quality and Safety 2025 report from Black Duck paints a telling picture: 

• Nearly 90% of organisations are already using AI code assistants in development. 

• Open-source adoption is increasing, with most companies now required to provide SBOMs and regularly scan their dependencies. 

• A confidence gap exists: senior managers believe quality goals are consistently met, while only just over half of engineers agree. 

• Developers warns about safety, patching in the field, and protecting intellectual property once software is deployed. 

Collectively, these findings suggest that while embedded development is moving quickly with AI and open-source, governance and security practices are struggling to keep pace. 

This imbalance creates subtle but significant risks. Reliance on open-source and AI-generated code can unintentionally introduce vulnerabilities and expose proprietary logic. Protecting the binary layer is therefore essential. Once embedded software is deployed, binary-level protections ensure it remains resilient against reverse engineering and tampering; regardless of upstream development practices. 

Emproof Nyx addresses this challenge by hardening embedded binaries using lightweight protections that safeguard intellectual property and make reverse engineering more difficult, all while keeping performance overhead low. 

As the Black Duck report shows, embedded software is evolving rapidly. Unless governance and security practices catch up, the gap between how embedded systems are built and how they are protected will continue to widen. Protecting binaries is now just as critical as securing the development process itself.