webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
Most Organizations Use AI to Generate Code Despite Security Concerns
October 22, 2024
Nearly all (92%) security leaders have concerns about the use of AI-generated code within their organization, according to Organizations Struggle to Secure AI-Generated and Open Source Code, a new report from Venafi.
Source: Venafi(link is external)
Other key survey findings include:
■ Tension Between Security and Developer Teams: 83% of security leaders say their developers currently use AI to generate code, with 57% saying it has become common practice. However, 72% feel they have no choice but to allow developers to use AI to remain competitive, and 63% have considered banning the use of AI in coding due to the security risks.
■ Inability to Secure at AI Speed: 63% of survey respondents report it is impossible for security teams to keep up with AI-powered developers. As a result, security leaders feel like they are losing control and that businesses are being put at risk, with 78% believing AI-developed code will lead to a security reckoning and 59% losing sleep over the security implications of AI.
■ Governance Gaps: Two-thirds (63%) of security leaders think it is impossible to govern the safe use of AI in their organization, as they do not have visibility into where AI is being used. Despite concerns, less than half of companies (47%) have policies in place to ensure the safe use of AI within development environments.
"Security teams are stuck between a rock and a hard place in a new world where AI writes code. Developers are already supercharged by AI and won't give up their superpowers. And attackers are infiltrating our ranks — recent examples of long-term meddling in open source projects and North Korean infiltration of IT are just the tip of the iceberg," said Kevin Bocek, Chief Innovation Officer at Venafi. "Anyone today with an LLM can write code, opening an entirely new front. It's the code that matters, whether it is your developers hyper-coding with AI, infiltrating foreign agents or someone in finance getting code from an LLM trained on who knows what. So it's the code that matters! We have to authenticate code wherever it comes from."
The Open Source Trust Dilemma
When looking at specific concerns around developers using AI to write or generate code, security leaders cited three top concerns:
1. Developers would become over-reliant on AI, leading to lower standards.
2. AI-written code will not be effectively quality checked.
3. AI will use dated open source libraries that have not been well-maintained.
The research also highlights that it is not only AI's use of open source that could present challenges to security teams:
■ Open Source Overload: On average, security leaders estimate 61% of their applications use open source. This over-reliance on open source could present potential risks, given that 86% of respondents believe open source code encourages speed rather than security best practice among developers.
■ Vexing Verification: 90% of security leaders trust code in open source libraries, with 43% saying they have complete trust — yet 75% say it is impossible to verify the security of every line of open source code. As a result, 92% of security leaders believe code signing should be used to ensure open source code can be trusted.
"The recent CrowdStrike outage shows the impact of how fast code goes from developer to worldwide meltdown," Bocek adds. "Code now can come from anywhere, including AI and foreign agents. There is only going to be more sources of code, not fewer. Authenticating code, applications and workloads based on its identity to ensure that it has not changed and is approved for use is our best shot today and tomorrow. We need to use the CrowdStrike outage as the perfect example of future challenges, not a passing one-off."
Maintaining the code signing chain of trust can help organizations prevent unauthorized code execution, while also scaling their operations to keep up with developer use of AI and open source technologies.
"In a world where AI and open source are as powerful as they are unpredictable, code signing becomes a business' foundational line of defense," Bocek concludes. "But for this protection to hold, the code signing process must be as strong as it is secure. It's not just about blocking malicious code — organizations need to ensure that every line of code comes from a trusted source, validating digital signatures against and guaranteeing that nothing has been tampered with since it was signed. The good news is that code signing is used just about everywhere — the bad news is it is most often left unprotected by security teams who can help keep it safe."
Methodology: Venafi surveyed 800 security decision-makers across the US, UK, Germany and France.
Industry News
March 27, 2025
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
March 20, 2025
Perforce Software announced its acquisition of Snowtrack.
March 19, 2025
Mirantis and Gcore announced an agreement to facilitate the deployment of artificial intelligence (AI) workloads.
March 19, 2025
Amplitude announced the rollout of Session Replay Everywhere.
March 18, 2025
Oracle announced the availability of Java 24, the latest version of the programming language and development platform. Java 24 (Oracle JDK 24) delivers thousands of improvements to help developers maximize productivity and drive innovation. In addition, enhancements to the platform's performance, stability, and security help organizations accelerate their business growth ...
