Study reveals that while 90% of companies are using AI for security, coding remains untouched by the technology in most cases.
Recent findings suggest that while artificial intelligence (AI) is making strides in enhancing security measures, there is some hesitation when it comes to incorporating it into coding practices within the realm of technological innovation.
Deploying AI for security purposes, not coding
Research conducted by JFrog illuminates a striking contrast: while an overwhelming nine in 10 companies are embracing artificial intelligence and machine learning (ML) to bolster security scanning and remediation efforts, only a third, roughly 32 percent, are using AI/ML technologies in their coding. processes, Techradar reports.
This hesitancy underscores the cautious approach to implementing AI in development, driven by fears about the potential vulnerabilities that AI-generated code could introduce into enterprise software.
Reflecting on the dynamic landscape of software security, Yoav Landman, JFrog’s CTO, noted, “DevSecOps teams worldwide are navigating the volatile field of software security, where innovation often meets demand in an era of rapid AI adoption.”
Although the emphasis on security remains stable, the study reveals a difference in the optimal timing of security checks. About 42% favor scanning during code generation, while nearly as many, 41%, suggest pre-deployment checks when deploying new software packages from open source repositories.
In addition, there is concern about the impact of information security protocols on productivity, as almost two out of five participants stated that it takes up to a week to authorize the use of a new package/library.
In addition, the report highlights the fear of interpreting Critical Vulnerability Severity Scores (CVSS), with a staggering 74 percent of high or critical CVSS scores considered inappropriate in common scenarios, even though 60 percent of security and development teams spend a significant amount of their time there. to fix vulnerabilities.
Shachar Menashe, senior director at JFrog Security Research, emphasizes the importance of strategic resource allocation, stating, “It’s important to know where to put tools, use team time, and streamline processes to keep their SDLC secure.”
As cyber threats increase, making informed decisions and strategically allocating resources is essential. Fortunately, as the threat landscape rises, the report suggests that the severity of the threats may not increase to the same extent, offering a glimmer of optimism amid security challenges.