webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
CISOs Struggle to Govern Use of AI in Application Development
August 21, 2024
CISOs are struggling with the need to empower both development and application security (AppSec) teams with the productivity benefits of AI tools while establishing governance to mitigate emerging risks, according to Seven Steps to Safely Use Generative AI in Application Security, a new report from Checkmarx.
Source: Checkmarx(link is external)
Highlights of the study include findings showing the difficulty of establishing and enforcing governance:
■ Only 29% of organizations have established any form of governance.
■ 15% of respondents have explicitly prohibited the use of AI tools for code generation within their organizations.
■ 99% report that AI code-generation tools are being used regardless of prohibitions.
■ 70% say there is no centralized strategy for GenAI, with purchasing decisions made on an ad hoc basis by individual departments.
■ 60% are worried about GenAI attacks such as AI hallucinations.
■ 80% are worried about security threats stemming from developers using AI.
"Enterprise CISOs are grappling with the need to understand and manage new risks around generative AI without stifling innovation and becoming roadblocks within their organizations," said Sandeep Johri, CEO at Checkmarx. "GenAI can help time-pressured development teams scale to produce more code more quickly, but emerging problems such as AI hallucinations usher in a new era of risk that can be hard to quantify."
Many CISOs are seeking to build the right level and types of governance in order to permit their application development teams to use AI coding tools. Given its ease of adoption, flexibility and utility, security leaders clearly understand its potential for helping to speed and scale application development in a time-pressured business environment.
However, generative AI is currently unable to follow secure coding practices or to produce truly secure code, which motivates some security teams to consider AI-driven security tools to help manage the proliferation of development teams' AI-generated code. The study found that:
■ 47% of respondents indicated interest in allowing AI to make unsupervised changes to code.
■ 6% said they wouldn't trust AI to be involved in security actions within their vendor tools.
"The responses of these global CISOs expose the reality that developers are using AI for application development even though it can't reliably create secure code, which means that security teams are being hit with a flood of new, vulnerable code to manage," said Kobi Tzruya, Chief Product Officer at Checkmarx.
Methodology: In early 2024 Checkmarx commissioned a global research firm to conduct a survey of 900 CISOs and application security professionals in companies in North America, Europe and Asia-Pacific with annual revenue of $750 million or more.
Industry News
March 27, 2025
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
March 20, 2025
Perforce Software announced its acquisition of Snowtrack.
March 19, 2025
Mirantis and Gcore announced an agreement to facilitate the deployment of artificial intelligence (AI) workloads.
March 19, 2025
Amplitude announced the rollout of Session Replay Everywhere.
March 18, 2025
Oracle announced the availability of Java 24, the latest version of the programming language and development platform. Java 24 (Oracle JDK 24) delivers thousands of improvements to help developers maximize productivity and drive innovation. In addition, enhancements to the platform's performance, stability, and security help organizations accelerate their business growth ...
