Security First In An AI Era

Putting security first makes a huge difference to any organisation, ensuring a proactive, risk-aware culture that protects assets, data and reputation from evolving threats. Perhaps surprisingly, it’s also possible to reap the rewards without hindering the software development team.

Companies shouldn’t look to reinvent the wheel and educate everyone in new practices, but rather invest in leaders who drive this culture. They are the ones who will propagate learnings down and throughout teams.

Accountability matters, and organisations need to look for and measure continuous improvement, not some arbitrary finish line.

Easier & Harder With AI

In today’s AI-enabled development landscape, where code is being generated and deployed faster than ever, the stakes are higher. AI can supercharge productivity, but it can also introduce security risks at scale – from dependency sprawl to misconfigured open-source packages.

In worst-case scenarios, vulnerabilities could spread not only to customers but to the whole open-source community.

The rise in AI tools and AI-generated code is changing developer practices, with 96% using AI coding assistants to streamline their work. On the positive side, the time gained can be spent accelerating production or finding space for more innovation, but the negative impacts are borne mainly by security teams.

One-fifth of AppSec teams surveyed said they face significant challenges securing AI-generated code because of the increased pace of production.

Accelerating part of the overall SDLC but causing bottlenecks elsewhere creates pressures and may lead to finger pointing. What’s actually needed is clear end-to-end collaboration to really prove the value of AI coding investments.

Security Early, Security Continually

Embedding security into the development process early and continuously is key if software developers are to provide products that can overcome the risks that AI co-pilots introduce, as well as those deployed by criminals to test defences and exploit vulnerabilities at scale.

The traditional security solutions that have become core to the developer ecosystem weren’t designed for the evolution of the modern development lifecycle or the sudden increase in speed driven by AI. So now, these tools slow the workflow of AppSec teams. This leads to friction between developers and security.

If organisations adopt tools that specifically secure human and AI-generated code then they can maintain a proactive, scalable security framework without impeding developer productivity or limiting the usage of AI. These tools – combined with smarter working practices and leadership that supports security measures rather than working around them – create a robust, sustainable approach to software security.

Security checks need to be embedded into pre-commit workflows and build systems. When security is managed earlier in development, developers remove the need for costly and complex remediation. The traditional way leads to extensive patching, ‘five alarm fire’ emergency responses and occasional damage control and remediation of compromised systems. Set up a defensive line that reduces the number of threats to address after code is committed.

And for AI workflows, where security blind spots can stem from unchecked open-source dependencies used for data pre-processing, model training or inferencing, shifting left is critical.

Robust build system security enhances supply chain integrity. It verifies dependencies, automates vulnerability scans, and enforces security policies within the build process. AI workflows make this critical, as unchecked open-source dependencies create security blind spots when used for data pre-processing, model training, inferencing or any other task.

Getting Practical: Building Security-First Culture

A culture that genuinely prioritises security and security awareness, which shifts left, really does require organisational cultural change. Operations and security teams must have common cause, empathy, and business goals. Fostering collaboration and shared responsibility helps linked functions work together cohesively and securely.
 
DevSecOps is first and foremost a culture. DevSecOps culture focuses on uniting the normally siloed roles of Development, Security, and Operations into a collaborative shared-responsibility paradigm. It seeks to break down barriers, finger pointing, and deflection. Instead, it aims to build empathy and common goals among various disciplines within the organisation.

To realise maximal gains from early vulnerability detection, pre-commit and build security measures should be automated and seamless.

Security scans should not be triggered manually. Aim for consistent enforcement without disrupting workflows by automating checks integrated into pre-commit hooks and build pipelines. Sustained success comes from comprehensive and context-aware security tools. Users must get immediately meaningful analysis, helping them solve challenges without increasing their cognitive or administrative loads.
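The automated pre-commit and build checks described above, and the dependency verification discussed earlier, can start as a small policy gate over the dependency manifest. The following is an added example, not code from the article or from any vendor's product; it assumes Python `requirements.txt` files, and the three rules it enforces (exact pin, sha256 hash, no URL or VCS source) and the sample package names are assumptions for illustration.

```python
import re
import sys

# Policy (an assumption for this example): exact pin, sha256 hash, no URL/VCS source.
PIN = re.compile(r"^[A-Za-z0-9][\w.-]*(\[[^\]]*\])?\s*==\s*[^\s;*=]+(?=\s|;|$)")
HASH = re.compile(r"--hash=sha256:[0-9a-f]{64}\b")
REMOTE = re.compile(r"(?:git|hg|svn|bzr)\+|https?://|file:", re.I)

# Constructed sample input; package names, versions and the hash are placeholders.
SAMPLE = f"""\
dataprep==1.4.2 \\
    --hash=sha256:{'0' * 64}
trainer>=2.0        # floating range
infer==0.9.1        # pinned, no hash
examplepkg @ git+https://example.invalid/repo.git
"""

def logical_lines(text):
    """Yield (first_line_no, requirement): comments stripped, '\\' continuations joined."""
    buf, start = "", 0
    # The trailing "" sentinel flushes a continuation left open on the last line.
    for n, raw in enumerate(text.splitlines() + [""], 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        start = start if buf else n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf = ""

def check_requirements(text):
    """Return policy violations for one requirements file; an empty list means pass."""
    problems = []
    for n, req in logical_lines(text):
        if req.startswith("-"):  # option line (-r, --index-url, ...), not a requirement
            continue
        name = re.split(r"[\s=<>!~;@\[]", req, maxsplit=1)[0]
        if REMOTE.search(req):
            problems.append(f"line {n}: {name}: direct URL/VCS source")
        elif not PIN.match(req):
            problems.append(f"line {n}: {name}: not pinned with ==")
        elif not HASH.search(req):
            problems.append(f"line {n}: {name}: missing --hash=sha256")
    return problems

if __name__ == "__main__":  # pre-commit passes the staged file names as arguments
    found = [f"{p}: {v}" for p in sys.argv[1:]
             for v in check_requirements(open(p, encoding="utf-8").read())]
    sys.exit("\n".join(found) if found else 0)
```

Run from a pre-commit hook or a CI step with the requirements files as arguments, it exits non-zero and lists each violation. Files pulled in through `-r` are only checked if they are passed as well.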

Making security work, and making it easy, is essential as DevSecOps strategies rapidly evolve with AI. AI development is increasingly dependent on open-source tools and libraries, which makes securing these dependencies absolutely essential.

Danny Allan is CTO at Snyk 

Image: Paris Bilal
