A recent report by Checkmarx highlights the challenges organizations face in using generative AI in application security.
Description
A study conducted by Checkmarx found that while 99% of enterprises are using AI code generation tools [7], only 29% have established governance specifically for AI code generation [3] [5], with 15% prohibiting its use [2] [3] [4] [5]. Concerns around generative AI risks [7], such as GenAI attacks and security threats from developers using AI [1] [3] [4] [5] [6], were emphasized among the 900 CISOs and security professionals surveyed [7]. Interestingly, 47% of organizations are interested in allowing AI to make unsupervised code changes [5] [6], while 6% do not trust AI for security actions [5]. The lack of a centralized strategy for generative AI and ad-hoc purchasing decisions by individual departments were noted as common challenges for enterprises in this space [7]. Checkmarx CEO Sandeep Johri emphasized the difficulty enterprise CISOs have in managing risks associated with generative AI [3], highlighting the need for governance without stifling innovation [3]. Checkmarx Chief Product Officer Kobi Tzruya stressed the importance of security teams having productivity tools to manage and prioritize vulnerabilities in AI-generated code [3].
Conclusion
The report underscores the importance of establishing governance for AI code generation to mitigate risks and ensure security in organizations. It also highlights the need for security teams to have the necessary tools to effectively manage vulnerabilities in AI-generated code. Moving forward, organizations must strike a balance between innovation and security to harness the full potential of generative AI in application security.
References
[1] https://www.securityinfowatch.com/cybersecurity/press-release/55129012/enterprise-cisos-struggling-to-govern-the-use-of-ai-in-app-development
[2] https://aithority.com/machine-learning/checkmarx-99-percent-of-developers-use-ai-80-percent-worry-about-security/
[3] https://vmblog.com/archive/2024/07/25/ninety-nine-percent-of-development-teams-use-ai-for-code-generation-while-eighty-percent-are-worried-about-security-threats-stemming-from-developers-using-ai-checkmarx-study-reveals.aspx
[4] https://www.silicon.co.uk/press-release/ninety-nine-percent-of-development-teams-use-ai-for-code-generation-while-eighty-percent-are-worried-about-security-threats-stemming-from-developers-using-ai-checkmarx-study-reveals
[5] https://finance.yahoo.com/news/ninety-nine-percent-development-teams-110000234.html
[6] https://markets.financialcontent.com/stocks/article/bizwire-2024-7-25-ninety-nine-percent-of-development-teams-use-ai-for-code-generation-while-eighty-percent-are-worried-about-security-threats-stemming-from-developers-using-ai-checkmarx-study-reveals
[7] https://betanews.com/2024/07/25/enterprises-struggle-to-govern-use-of-ai-in-development/