One in five organizations has experienced a serious security incident directly tied to AI-generated code, prompting security leaders to conduct comprehensive audits of their AI-assisted software development processes. The article outlines a framework for CISOs to assess risk by tracking who uses AI tools, evaluating developers' ability to catch vulnerabilities, and mapping specific tools to the code they produce. Key recommendations include creating risk scores for developers, establishing governance policies for approved AI tools, and implementing what the article calls "time travel auditing" to quickly isolate and fix code linked to compromised AI models.