Check Point® Software Technologies Ltd. has been recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Email Security Platforms (ESP).
"Don't just launch an AI integration or deploy AI tools because it sounds cool," advises Cassius Rhue, VP, Customer Experience, SIOS Technology. "Understand the reasons, risks and rewards, and strategy behind your implementation. Be sure to understand all the costs for integration of these tools as well. These costs will go beyond just the price tag on the tool or service."
With this advice in mind, Part 12 of this series features expert recommendations on how to avoid the risks associated with using AI to support software development.
PLAN FOR RESISTANCE
Don't forget to consider the bad as well as the good. Plan for potential challenges to AI adoption, including employee resistance or concern.
Dotan Nahum
Head of Developer-First Security, Check Point Software Technologies
PROCEED WITH CAUTION
All tools, including AI tools leveraged in support of development, need to be used with care, handled with caution, and leveraged with some constraint. Don't discount the need for your team's native and natural intelligence remaining front and center of the development process.
Cassius Rhue
VP, Customer Experience, SIOS Technology
I recommend companies proceed with AI with extreme caution. AI, in my opinion, is just another tool in the toolbox, but its power and potential should neither be overstated nor underestimated. The desire to create efficiencies and save money will be a very strong driving force. However, I believe some early pioneers will suffer catastrophic disasters if they blindly dive in too deep. At a recent AI and cybersecurity meetup here in Toronto, one of the speakers gave some great advice: Introduce AI into your processes, but never remove human overview at any level. On top of fears that AI will make mistakes, or worse case fantasy scenario take over like HAL 9000 did in the movie 2001: A Space Odyssey, there is also the danger of your AI being hijacked by a bad actor or cybercriminal.
Geoff Burke
Community Manager, Object First
UNDERSTAND HOW AI CAN FAIL
The development teams of the future will be building AI into their software, in addition to helping them program. So, they will need to be familiar with all the ways AI can fail. With AI, testing and debugging become even more important. Companies will need to understand that, and make sure that there is sufficient time to test, and that the programmers have the skills needed to test well. Programmers may spend less time writing code, but they'll have to spend more time thinking through all the corner cases, making sure that everything is tested. Don't underestimate the difficulty here: AIs don't make the same kinds of mistakes that we do. Techniques like fuzzing — testing with random input — may become the best way to find out where AIs have failed.
Mike Loukides
VP of Emerging Tech Content, O'Reilly Media
ESTABLISH GUARDRAILS
While this is all to the benefit of DevOps teams, it is vital to ensure AI guardrails are implemented across the board for security purposes. By doing so, DevOps teams can rest easy knowing they can remain focused on innovation while maintaining robust protection against evolving threats.
Eoin Hinchy
CEO and Co-Founder, Tines
Implementing a robust governance framework to oversee AI integration will help maximize benefits and mitigate any potential risks. Simply put, the easier it becomes to build apps using GenAI, the more crucial and central governance will become to IT's remit.
Jithin Bhasker
GM & VP for the App Engine Business , ServiceNow
As companies encourage implementation, it is crucial that customers implement strong governance frameworks and tools to avoid introducing new risks in their business from AI generated code. Adopting best practices is important, but establishing and enforcing these practices ensures adherence to standards and mitigates risks effectively.
Peter White
SVP of Emerging Products, Automation Anywhere
DEFINE AI USAGE POLICIES
The AI journey is one of perpetual learning. First and foremost, make sure your company has defined an AI usage policy and a standard set of criteria for evaluating new tools that utilize AI.
Todd McNeal
Director of Product Management, SmartBear
A key requirement is to implement an AI policy and ensure it's read and understood by everyone in the company, not just developers. This requires researching the most appropriate LLMs (MS, AWS, Google, etc.) for your organization.
Rupert Colbourne
CTO, Orbus Software
IMPLEMENT AN AI MANAGEMENT SYSTEM
Importantly, before AI integration progresses too far, companies should consider leveraging ISO 42001 to build a framework for an AI Management System (AIMS). This proactive approach to governing AI use can help ensure responsible and effective implementation, mitigate risks, and align AI initiatives with organizational goals and ethical standards. Establishing such a framework early can provide a solid foundation for scaling AI use in development processes.
Thomas Fou
VP of Compliance Services, BlueAlly
USE SAME OVERSIGHT AS YOU WOULD FOR HUMAN DEVELOPERS
The risks that come to mind for most people are along the lines of "what if AI writes inefficient code? Or code that the engineers don't understand fully?". That's 100 percent a consideration, but it's worth clarifying that I don't see it as a unique risk from AI. I'd argue that sometimes software engineers can write inefficient code, or code that their successor or peers don't fully understand when they leave the company. My advice is to make sure you still maintain the same type of systems with AI in the loop that you would for humans. This includes peer reviews, code documentation, and so on. Having humans in the loop, and accepting from time to time that you may need to adjust, correct, or intervene is key.
Jeff Hollan
Head of Applications and Developer Platform, Snowflake
FOCUS ON SECURITY
The security of organizations' IP is the most important thing. It's imperative that users don't sacrifice data security in the name of AI productivity.
Jeff Hollan
Head of Applications and Developer Platform, Snowflake
While AI is the shiny new thing all organizations are moving towards, it is important not to rush to capitalize on the benefits of AI. Too often companies overlook application security, leading to significant security gaps, especially at the application layer where sensitive data is most at risk. While executives recognize the need for a new security governance model for AI, only a small fraction of AI projects actually incorporate a security component, reflecting a clear gap.
Chetan Conikee
Co-Founder and CTO, Qwiet AI
EVALUATE YOUR DATA SECURITY
Understand your current data policies and where things are stored. What are the crown jewels that make your business tick? Are there proper controls around the human interaction itself as of right now? If not, then do not assume that AI will solve that for you. If your modern data controls aren't in place from a developer standpoint, then it is probably safe to assume there is now a higher risk once AI is supporting the building.
Sean Heide
Research Technical Director, Cloud Security Alliance
Utilize AI for Patch Management
Implement smart patching solutions to address third-party vulnerabilities efficiently. AI-driven recommendations can help developers find and remediate software vulnerabilities quickly.
Javed Hasan
CEO and Co-Founder, Lineaje
ENSURE TRAINING DATA QUALITY
Data quality can be a great indicator of the tool's performance, so we advise verifying that the AI training data is clean, well-structured, and representative of your development processes.
Dotan Nahum
Head of Developer-First Security, Check Point Software Technologies
We should embrace this technology, but we need to do it safely. If machine models are only as good as the training data and methods used to teach them, generative AI models also need supervised training on curated datasets that protect privacy.
Chris Wysopal
Co-Founder and Chief Security Evangelist, Veracode
Don't be afraid to use AI for development but ensure that it's coming from trusted sources. AI providers must be clear and transparent about the data and methodology that is used to train their large language models. This applies across all AI-driven tools because the adoption and management of AI becomes significantly more difficult, expensive, and risky without such transparency. When AI models and tools are transparent by default, businesses can spend more time looking for solutions to their problems, rather than worrying about the reliability of the tools they're using.
Keri Olson
VP of Product Management, AI for Code, IBM
TREAT AI LIKE AN INTERN
For the time being I'd suggest treating AI for coding or test generation the same way you'd treat someone new on the team, new to your organization. Better yet maybe treat them like an intern or apprentice. Give them some work to do and check it thoroughly. Once you've done that, you'll start to learn what they're good and bad at and when to trust them.
Arthur Hicken
Chief Evangelist, Parasoft
TREAT AI RESPONSES AS SUGGESTIONS, NOT THE TRUTH
We need to be cautious and take it as a suggestion and never take a response as 100% truth.
Udi Weinberg
Director of Product Management, Research and Development, OpenText
Go to: Exploring the Power of AI in Software Development - Part 13: More Recommendations
Industry News
Progress announced its partnership with the American Institute of CPAs (AICPA), the world’s largest member association representing the CPA profession.
Kurrent announced $12 million in funding, its rebrand from Event Store and the official launch of Kurrent Enterprise Edition, now commercially available.
Blitzy announced the launch of the Blitzy Platform, a category-defining agentic platform that accelerates software development for enterprises by autonomously batch building up to 80% of software applications.
Sonata Software launched IntellQA, a Harmoni.AI powered testing automation and acceleration platform designed to transform software delivery for global enterprises.
Sonar signed a definitive agreement to acquire Tidelift, a provider of software supply chain security solutions that help organizations manage the risk of open source software.
Kindo formally launched its channel partner program.
Red Hat announced the latest release of Red Hat Enterprise Linux AI (RHEL AI), Red Hat’s foundation model platform for more seamlessly developing, testing and running generative artificial intelligence (gen AI) models for enterprise applications.
Fastly announced the general availability of Fastly AI Accelerator.
Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
Grid Dynamics announced the launch of its developer portal.
LTIMindtree announced a strategic partnership with GitHub.