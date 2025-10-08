A double-edged sword

As the pace of development quickens and the threat landscape becomes increasingly complex, the tension between development and security has never been more pronounced. Over 56% of our report’s respondents state that AI coding assistants have introduced new security risks: the potential to introduce vulnerabilities, regulatory compliance problems, and proprietary code being inadvertently incorporated into model training data.

While AI can automate and streamline the coding process, it can also inadvertently introduce bugs or security flaws that are not immediately apparent. This is particularly dangerous in environments where code is developed and deployed rapidly and there is little time for thorough manual review; generated code tends to be accepted at the speed it is produced, so it needs at least the same automated checks (tests, static analysis, secret and dependency scanning in CI) as any other unreviewed contribution before it is merged. Additionally, the AI systems themselves add new attack surface, so DevSecOps teams must continuously assess the security implications of integrating AI into the SDLC.

AI can also introduce significant compliance issues. The regulatory landscape is stringent, and the use of AI in development processes must adhere to various standards and guidelines. This risk is noted among our report’s respondents, with 14.99% concerned that AI-generated code will lead to legal and financial repercussions. Moreover, AI-generated code is often neither transparent nor auditable: without a record of which code was generated and how, it is difficult to trace the code’s origin and justify its compliance status.

Despite these risks, most of our respondents believe that AI is a powerful ally in the fight for security. A majority (63.33%) of DevSecOps professionals agree that AI has tangibly improved their ability to write more-secure code. This is particularly evident in the early stages of the development pipeline, where AI tools can give developers real-time feedback and guidance. For instance, 19.78% of our survey respondents noted that AI provides faster identification of real security vulnerabilities in code as it is written. Catching issues at authoring time not only enhances the security of the final product but can also reduce the time and resources required for manual security testing later.

A collaborative model, in which AI tools are paired with human oversight, is essential to reliable DevSecOps processes. AI can automate and speed up the work, but human intuition and hands-on expertise remain indispensable to secure code development. By combining those strengths, DevSecOps teams can build a robust and responsive security posture: human experts provide context and make nuanced decisions, while AI handles the repetitive and data-intensive tasks.