Most companies are using AI for security, not coding
According to JFrog’s latest annual Software Supply Chain State of the Union report, although many companies are employing artificial intelligence for security purposes, there’s a marked hesitance to adopt it for coding.
The report, which draws insights from more than 7,000 organizations globally, revealed that despite nine in 10 integrating AI/ML-powered tools in security scanning and remediation efforts, only one in three (32%) indicated that their organizations use AI/ML for coding.
This disparity highlights the cautious approach towards using AI in the development process, likely because many are concerned about potential vulnerabilities that AI-generated code could introduce to enterprise software.
Companies are worried about using AI for coding
JFrog CTO Yoav Landman commented: “DevSecOps teams worldwide are navigating a volatile field of software security, where innovation frequently meets demand in an age of rapid AI adoption.”
While security remains a core consideration, the study also revealed a divide regarding the optimal timing for security scans. Around 42% believe scanning during code writing is best, while 41% advocate for pre-deployment scans on new software packages when bringing them from an open-source software repository.
The report also revealed how security seems to be hindering productivity, with around two in five saying that approval to use a new package/library takes up to one week.
Furthermore, the report raises concerns about the misinterpretation of Critical Vulnerability Severity Scores (CVSS) – despite 60% of security and development teams dedicating around a quarter of their time to addressing vulnerabilities, as many as three-quarters (74%) of high or critical CVSS scores were found to be inappropriate in common scenarios.
Shachar Menashe, Senior Director of JFrog Security Research, summarizes: “Knowing where to put those tools, use their team’s time, and streamline processes is critical to keeping their SDLC secure.”
In an era increasingly characterized by cyber threats, informed decision-making, and strategic resource allocation are more important than ever. Fortunately, the report also reveals a positive outlook – while threats are increasing, severity may not be (or at least to the same degree).
More from TechRadar Pro
According to JFrog’s latest annual Software Supply Chain State of the Union report, although many companies are employing artificial intelligence for security purposes, there’s a marked hesitance to adopt it for coding. The report, which draws insights from more than 7,000 organizations globally, revealed that despite nine in 10 integrating…
