In reality, more than 90% of orgs are still stuck with traditional reviews and scanners. Finding a place that has built a real inbound control layer is like finding a needle in a haystack.
It mostly comes down to the trade-off between security and speed. True inbound control means having your organization's policies (Policy-as-Code) integrated right at the prompt level, which is technically demanding to customize. We're likely heading toward a future where 'security proxies' sit between the IDE and the AI, filtering risks before the code even hits the editor.