The world of software development is undergoing a significant transformation, driven by the need for speed, the proliferation of tools, and the disruptive force of artificial intelligence (AI). The latest research from Black Duck, as detailed in the Balancing AI Usage and Risk in 2025: The Global State of DevSecOps report, provides critical insights into the challenges and opportunities facing DevSecOps teams today.
The Speed Paradox: Fast Deployment, Fragile Foundation
Organizations are achieving unprecedented deployment frequencies, with nearly 60% of respondents reporting daily or more frequent code deployments. However, this speed is built on a fragile foundation. Security practices are dangerously immature, with 46% of companies still relying on manual processes to get new code into the security testing queue. This automation gap means many businesses are unaware of their vulnerabilities, with 62% of organizations testing less than 60% of their applications.
The Tool Sprawl Crisis: More Tools, More Problems
The strategy of bringing in multiple application security testing (AST) tools to deal with complex threats has backfired. Over 71% of respondents report that a significant portion of their security alerts is "noise" — false positives or duplicate findings from different tools. This flood of useless information is destroying the return on investment (ROI) of security investments and creating alert fatigue among developers.
Security as a Speed Bump: The Persistent Dilemma
The operational drag from tool noise and manual processes has a direct impact on development speed. Over 81% of DevSecOps professionals say that security testing slows down development, creating tension between development and security teams. This issue undermines the entire point of DevSecOps, which is to ensure that speed and safety are on equal footing.
AI: A Double-Edged Sword
AI is perceived as both a powerful tool for improving security and a significant new source of complex risks. While 63% of respondents believe AI helps write more-secure code, 57% agree that it introduces novel security risks. This paradox makes AI governance a high-stakes balancing act that most companies are still trying to master.
The Unifying Priority: Development Workflow Integration
The survey reveals that the problem isn't necessarily the tools themselves but how developers are forced to use them. The top priority for improving application security testing is "better development workflow integration," chosen by 27% of respondents. This indicates a need to shift toward embedding security seamlessly into developer workflows.
Recommendations for Technical Leaders
1. Establish a Robust AI Governance Framework: Develop clear policies on AI usage, address data privacy and IP protection concerns, and establish accountability for AI-generated code.
2. Rationalize and Optimize the AST Toolchain: Conduct a ruthless audit of the current security portfolio to eliminate redundancies and noise. Consolidate around solutions that integrate into AI-enabled build pipelines.
3. Invest in the Developer Experience of Security: Shift from standalone security tools to platforms that integrate deeply into developer workflows. Measure success using developer-centric metrics like mean time to remediate.
Future Outlook
The trends identified in the report will only accelerate in the next 18 to 24 months. Key predictions include:
■ The acceleration of AI governance tools to provide visibility, governance, and security for AI-generated code.
■ A widening developer-centric skills gap, where security professionals who can think and act like developers will be invaluable.
■ A shift from tool acquisition to toolchain optimization, with a focus on application security posture management platforms.
The path forward for DevSecOps isn't about more tools or processes; it's about a fundamental shift to a developer-centric model of secure software development. It's about integration, automation, and insightful feedback that makes security a natural result of existing development efforts. By embracing this new approach, organizations can effectively balance rigorous security with the relentless demand for innovation, turning security from a roadblock into a strategic enabler for their business.
Industry News
Buoyant announced upcoming support for Model Context Protocol (MCP) in Linkerd to extend its core service mesh capabilities to this new type of agentic AI traffic.
Dataminr announced the launch of the Dataminr Developer Portal and an enhanced Software Development Kit (SDK).
Google Cloud announced new capabilities for Vertex AI Agent Builder, focused on solving the developer challenge of moving AI agents from prototype to a scalable, secure production environment.
Prismatic announced the availability of its MCP flow server for production-ready AI integrations.
Aptori announced the general availability of Code-Q (Code Quick Fix), a new agent in its AI-powered security platform that automatically generates, validates and applies code-level remediations for confirmed vulnerabilities.
Perforce Software announced the availability of Long-Term Support (LTS) for Spring Boot and Spring Framework.
Kong announced the general availability of Insomnia 12, the open source API development platform that unifies designing, mocking, debugging, and testing APIs.
Testlio announced an expanded, end-to-end AI testing solution, the latest addition to its managed service portfolio.
Incredibuild announced the acquisition of Kypso, a startup building AI agents for engineering teams.
Sauce Labs announced Sauce AI for Insights, a suite of AI-powered data and analytics capabilities that helps engineering teams analyze, understand, and act on real-time test execution and runtime data to deliver quality releases at speed - while offering enterprise-grade rigorous security and compliance controls.
Tray.ai announced Agent Gateway, a new capability in the Tray AI Orchestration platform.
Qovery announced the release of its AI DevOps Copilot - an AI agent that delivers answers, executes complex operations, and anticipates what’s next.
Check Point® Software Technologies Ltd. announced it is working with NVIDIA to deliver an integrated security solution built for AI factories.
Hoop.dev announced a seed investment led by Venture Guides and backed by Y Combinator. Founder and CEO Andrios Robert and his team of uncompromising engineers reimagined the access paradigm and ignited a global shift toward faster, safer application delivery.




