Organisations must contain the “blast radius” of rogue AI-generated code, warns Harness

Developer toil is set to triple as generative AI increases the volume of code that needs to be tested and remediated

Harness warns that the exponential growth of AI-generated code is set to triple developer toil within the next 12 months, and leave organisations exposed to a bigger “blast radius” from software flaws that escape to production. Nine in ten developers are already using AI-assisted coding tools to accelerate software delivery. As this continues, the volume of code shipped to the business is increasing by an order of magnitude. It is therefore becoming difficult for developers to keep up with the need to test, secure, and remediate issues in every line of code they deliver. If they don’t find a way to reduce developer toil in these stages of the software delivery lifecycle (SDLC), it will soon become impossible to prevent flaws and vulnerabilities from reaching production. As a result, organisations will face an increased risk of downtime and security breaches.

“Generative AI has been a game-changer for developers, as eight-week projects can suddenly be completed in four,” said Martin Reynolds, Field CTO at Harness. “However, as the volume of code being shipped to the business increases, so does the ‘blast radius’ if developers fail to rigorously test it for flaws and vulnerabilities. AI might not introduce new security gaps to the delivery pipeline, but it does mean there’s more code being funnelled through existing ones. That creates a much higher chance of vulnerabilities or bugs being introduced unless developers spend significantly more time on testing and security. When the Log4J vulnerability was discovered, developers spent months finding affected components to remediate the threat. In the world of generative AI, they’d have to find the same needle in a much larger haystack.” 

Harness advises that the only way to contain the AI code boom is to fight fire with fire. This means using AI to automatically analyse code changes, test for flaws and vulnerabilities, identify the risk impact, and ensure deployment issues can be rolled back in an instant. To reduce the risk of AI-generated code while minimising developer toil, organisations should:

  • Integrate security into every phase of the SDLC – secure and governed pipelines should be built to automate every single test, check, and verification required to drive efficiency and reduce risk. Applying a policy-as-code approach to the software delivery process will prevent new code from making its way to production if it fails to meet strict requirements for availability, performance, and security.
  • Conduct rigorous code attestation – the SolarWinds and MOVEit incidents highlighted the importance of extending secure delivery practices beyond an organisation’s own four walls. To minimise toil, IT leaders must ensure their teams can automate the processes needed to monitor and control open-source software components and third-party artefacts, such as generating a Software Bill of Materials (SBOM) and conducting SLSA attestation.
  • Use generative AI to instantly remediate security issues – as well as enabling development teams to create code faster, generative AI can also help them to quickly triage and analyse vulnerabilities and secure their applications. These capabilities enable developers and security personnel to manage security issue backlogs and address critical risks promptly with significantly reduced toil.
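The first two recommendations above (a policy-as-code gate, and an SBOM plus provenance attestation for every build) can be shown together in one small gate. The following is an added illustration written for this page, not code from Harness or any product the article mentions. The component names, versions, scanner findings, builder ids, SLSA levels and policy thresholds are all constructed sample data; a real pipeline would read them from its SBOM generator, scanner and attestation store instead of from literals.

```python
"""Policy-as-code release gate over an SBOM, scan results and provenance.

Added illustration, not code from Harness or the article. All component
names, versions, findings, builder ids and policy thresholds below are
constructed sample data.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    component: str            # SBOM component the finding applies to
    severity: str             # "critical" | "high" | "medium" | "low"
    fixed_version: Optional[str] = None


@dataclass
class BuildRecord:
    service: str
    sbom: dict               # component name -> version (flattened SBOM)
    findings: list           # scanner output for this build
    provenance: dict         # SLSA-style attestation fields (constructed)
    test_pass_rate: float    # fraction of the automated test suite that passed


# The policy is data, versioned beside the pipeline rather than hard-coded
# into each team's scripts; changing it changes what every release must meet.
POLICY = {
    "block_severities": {"critical", "high"},
    "min_test_pass_rate": 1.0,
    "required_slsa_level": 2,
    "trusted_builders": {"https://ci.example.internal/builder"},  # constructed
}


def evaluate(record: BuildRecord, policy: dict = POLICY) -> dict:
    """Return {"allow": bool, "violations": [...]} for one build.

    Every failed check is reported, not just the first, so the developer gets
    the whole remediation list from one pipeline run instead of one per retry.
    """
    violations = []

    for f in record.findings:
        if f.severity in policy["block_severities"]:
            fix = f" (fix available: {f.fixed_version})" if f.fixed_version else ""
            version = record.sbom.get(f.component, "?")
            violations.append(f"{f.severity} finding in {f.component}@{version}{fix}")

    if record.test_pass_rate < policy["min_test_pass_rate"]:
        violations.append(
            f"test pass rate {record.test_pass_rate:.2%} below "
            f"{policy['min_test_pass_rate']:.0%}"
        )

    prov = record.provenance
    if prov.get("slsa_level", 0) < policy["required_slsa_level"]:
        violations.append(
            f"SLSA level {prov.get('slsa_level', 0)} below required "
            f"{policy['required_slsa_level']}"
        )
    if prov.get("builder_id") not in policy["trusted_builders"]:
        violations.append(f"untrusted builder {prov.get('builder_id')!r}")

    return {"allow": not violations, "violations": violations}


def affected_services(records, component: str, bad_versions: set) -> list:
    """List services whose SBOM pins `component` to one of `bad_versions`.

    With an SBOM recorded per build, the 'which services ship the affected
    component' question becomes a lookup rather than a manual search.
    """
    return sorted(r.service for r in records if r.sbom.get(component) in bad_versions)


# Constructed sample builds.
RECORDS = [
    BuildRecord(
        service="payments-api",
        sbom={"log-lib": "2.14.1", "json-parser": "1.9.0"},
        findings=[Finding("log-lib", "critical", fixed_version="2.17.1")],
        provenance={"slsa_level": 2, "builder_id": "https://ci.example.internal/builder"},
        test_pass_rate=1.0,
    ),
    BuildRecord(
        service="catalogue-web",
        sbom={"log-lib": "2.17.1", "json-parser": "1.9.0"},
        findings=[Finding("json-parser", "low")],
        provenance={"slsa_level": 2, "builder_id": "https://ci.example.internal/builder"},
        test_pass_rate=1.0,
    ),
    BuildRecord(
        service="batch-reports",
        sbom={"log-lib": "2.15.0"},
        findings=[],
        provenance={"slsa_level": 1, "builder_id": "https://laptop.example/unknown"},
        test_pass_rate=0.97,
    ),
]

if __name__ == "__main__":
    for r in RECORDS:
        print(r.service, evaluate(r))
    print("log-lib exposure:", affected_services(RECORDS, "log-lib", {"2.14.1", "2.15.0"}))
```

Run as a script it prints one decision per build: the first is blocked by a critical finding (with the fix version the scanner supplied), the second passes because a low finding is below the blocking threshold, and the third is blocked on three counts at once (test pass rate, SLSA level and an unrecognised builder). The `affected_services` query is the inventory lookup that an SBOM per build makes possible.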

“The whole point of AI is to make things easier, but without the right quality assurance and security measures, developers could lose all the time they have saved,” argues Reynolds. “Enterprises must consider the developer experience in every measure or new technology they implement to accelerate innovation. By putting robust guardrails in place and using AI to enforce them, developers can more freely leverage automation to supercharge software delivery. At the same time, teams will spend less time on remediation and other workloads that increase toil. Ultimately, this reduces operational overheads while increasing security and compliance, creating a win-win scenario.”


To learn more about the use of AI in software testing, attend the National Software Testing Conference in London on 23rd of July.


Edited by: Vaishnavi Nashte

For media enquiries, please contact vaishnavi.nashte@31media.co.uk
