ArmorCode, a leading provider of Application Security Posture Management (ASPM) platforms, and the Purple Book Community (PBC), a network of senior security leaders, have unveiled their collaborative research titled “The Rise of the AppSec Leader” at RSAC 2025 in San Francisco. The study, which surveyed Chief Information Security Officers (CISOs) and other security professionals, revealed that ASPM is rapidly gaining traction as a strategic investment, with 76% of respondents endorsing this trend. This surge in interest is primarily driven by the significant rise in AI-generated code, as 92% of those surveyed reported an increase in instances of insecure code. The research highlights the growing importance of application security in today's technology landscape, where the proliferation of AI and machine learning is not just a boon but also a potential risk. With the increasing reliance on automated tools for code generation, the need for robust security measures has never been more critical. The findings underscore that organizations are increasingly recognizing the value of investing in ASPM to mitigate these risks and safeguard their applications from vulnerabilities. One of the key insights from the survey is the shift in perception among security leaders. While traditional cybersecurity measures remain essential, the survey indicates a growing awareness of the specific challenges posed by modern application development practices. The integration of AI into software development has introduced new complexities and security concerns, particularly around code integrity and vulnerability management. Consequently, CISOs and their teams are prioritizing ASPM solutions that can offer real-time visibility and control over the entire application development lifecycle. The research also delves into the practical implications of this trend. For instance, many organizations are adopting continuous integration/continuous deployment (CI/CD) pipelines, which require seamless integration of security protocols. This shift not only enhances the speed and efficiency of development but also ensures that security is integrated at every stage, reducing the likelihood of vulnerabilities making it into production. Moreover, the study reveals that the demand for skilled AppSec professionals is on the rise. As organizations invest more in ASPM, they are seeking experts who can bridge the gap between development and security teams. These AppSec leaders are tasked with ensuring that security is baked into the application from the ground up, rather than being an afterthought. The research suggests that this role is becoming increasingly prominent, reflecting the broader industry shift towards DevSecOps methodologies. In addition to these findings, the report provides actionable recommendations for organizations looking to strengthen their AppSec posture. It emphasizes the importance of fostering a security-first culture within development teams, implementing comprehensive security training programs, and leveraging advanced automation tools to streamline the testing and deployment processes. By adopting these strategies, organizations can better protect their applications against the evolving threat landscape. The release of “The Rise of the AppSec Leader” coincides with a time when cybersecurity threats are becoming more sophisticated and frequent. The rise of AI-generated code has added another layer of complexity, making it imperative for companies to Stay ahead of potential vulnerabilities. ArmorCode and PBC see their research as a call to action for the security community, urging leaders to embrace ASPM and integrate it into their existing security frameworks. Overall, the collaboration between ArmorCode and PBC paints a picture of a security landscape where traditional boundaries are blurring, and new, proactive approaches are necessary. The survey results highlight the crucial role that AppSec leaders play in this transformation, and the report offers valuable insights and guidance for organizations navigating the challenges of modern application security.