Most companies are using AI for security, not coding

News
By Craig Hale
published

Enterprises are worried about using AI to develop their own software

Representational image of a dynamic computer network.
(Image credit: Shutterstock.com / Fit Ztudio)

Although many companies are employing artificial intelligence for security purposes, there’s a marked hesitance to adopt it for coding, new research has claimed.

A report from JFrog revealed that despite nine in 10 integrating AI/ML-powered tools in security scanning and remediation efforts, only around a third (32%) indicated that their organizations use AI/ML for coding.

This disparity highlights the cautious approach towards using AI in the development process, likely because many are concerned about potential vulnerabilities that AI-generated code could introduce to enterprise software.

Companies are worried about using AI for coding

“DevSecOps teams worldwide are navigating a volatile field of software security, where innovation frequently meets demand in an age of rapid AI adoption," JFrog CTO Yoav Landman commented.

While security remains a core consideration, the study also revealed a divide regarding the optimal timing for security scans. Around 42% believe scanning during code writing is best, while 41% advocate for pre-deployment scans on new software packages when bringing them from an open-source software repository.

The report also revealed how security seems to be hindering productivity, with around two in five saying that approval to use a new package/library takes up to one week.

Furthermore, the report raises concerns about the misinterpretation of Critical Vulnerability Severity Scores (CVSS) – despite 60% of security and development teams dedicating around a quarter of their time to addressing vulnerabilities, as many as three-quarters (74%) of high or critical CVSS scores were found to be inappropriate in common scenarios.

Shachar Menashe, Senior Director of JFrog Security Research, summarizes: “Knowing where to put those tools, use their team’s time, and streamline processes is critical to keeping their SDLC secure.”

In an era increasingly characterized by cyber threats, informed decision-making, and strategic resource allocation are more important than ever. Fortunately, the report also reveals a positive outlook – while threats are increasing, severity may not be (or at least to the same degree).

More from TechRadar Pro

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!