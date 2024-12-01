

A new survey from Legit Security revealed that Generative AI (GenAI) is exposing critical security vulnerabilities even as it transforms software development. Released in late November 2024, the survey highlighted concerns from developers and security professionals about the integration of GenAI into development pipelines, despite its widespread use.

The report, titled “Use and Security of GenAI in Software Development,” surveyed over 400 professionals across industries and showed that 96 percent of organizations are now employing GenAI tools for application development, with 79 percent reporting regular usage by their teams. However, security risks like potential exposure to malicious code and AI supply chain attacks are casting a shadow over this technological leap.

“As generative AI transforms software development and becomes increasingly embedded in the development lifecycle, there are some real security concerns among developers and security teams,” Cofounder and CTO of Legit Security Liav Caspi said in a press release. “Our research found that teams are challenged with balancing the innovations of GenAI and the risks it introduces by exposing their applications and software supply chains to new vulnerabilities.”

The survey further found that 85 percent of developers and 75 percent of security professionals are concerned about overreliance on GenAI tools. These technologies, which are designed to automate repetitive coding chores, risk exposing vulnerabilities that could be exploited by attackers.

98 percent of respondents also noted the need for security teams to acquire better control of how GenAI technologies are used.

94 percent emphasized the need for improved management of GenAI-driven development processes.

The report also recognized such potential AI-driven threats as sensitive information leakage and model theft. Over two-thirds of respondents listed supply chain vulnerabilities as a serious risk, highlighting the pervasive problem of safeguarding AI-generated code in mission-critical systems. The findings coincide with trends in the broader cybersecurity scene, where ransomware attacks have reached record highs and AI-based vulnerabilities continue to evolve.

Despite these hurdles, the consensus is clear: GenAI is changing the future of software development. Nearly 95 percent of respondents predicted that reliance on these tools will rise during the next five years. Yet, as corporations embrace this new technology, experts recommend caution, noting that businesses should leverage essential prompt engineering tools to enhance AI oversight and mitigate risks.

“While GenAI is undoubtedly the future of software development,” Caspi said, “organizations must be mindful of its new risks and ensure they have the appropriate visibility into and control over its use.”
