Legit Security announced the release of a new survey report, "Use and Security of GenAI in Software Development."
The report captures the perspectives of security and development
professionals to uncover concerns about visibility into, and approaches
to managing, GenAI. Its findings reveal that both teams face critical
security challenges when using GenAI in software development.
"As generative AI transforms software development and becomes increasingly
embedded in the development lifecycle, there are some real security
concerns among developers and security teams," said Liav Caspi,
Co-Founder and CTO at Legit. "Our research found that teams are
challenged with balancing the innovations of GenAI and the risks it
introduces by exposing their applications and their software supply
chain to new vulnerabilities. While GenAI is undoubtedly the future of
software development, organizations must be mindful of its new risks and
ensure they have the appropriate visibility into and control over its
use."
GenAI is quickly changing the software development process by automating
tasks that once took developers hours, if not days, to complete,
bolstering efficiency and productivity. Eighty-eight percent of
developers report using it within their development organization,
reflecting a broad shift in how development teams augment their
capabilities with AI to meet tight deadlines and complex project
demands. Despite the high rate of adoption, security is a critical
concern. For instance, previous research by Legit revealed that LLMs and AI models contain bugs and vulnerabilities that can lead to AI supply chain attacks.
The report's key findings include:
- Increased Use of GenAI in Software Development: 96% of security and software development professionals report that their companies use GenAI-based solutions for building or delivering applications. Among these respondents, 79% report that all or most of their development teams regularly use GenAI.
- Code Assistant Use Is Worrying: 84% of security professionals are concerned about using code assistants and cite unknown and/or malicious code as their primary concern.
- Growing Concerns Over GenAI Security: 98% believe that security teams need a better handle on how GenAI-based solutions are used in development. 94% report they need more effective ways to manage GenAI use in their company's research and development efforts.
- Apprehension on GenAI Over-Reliance: 85% of developers and 75% of those in security have security concerns over relying too much on GenAI solutions to develop software.
- Developers Fear Loss of Critical Thinking: More developers than security professionals report concern over loss of critical thinking due to AI use in development (8% vs. 3%).
- GenAI Is the Future: 95% of respondents predict that software developers will be more reliant on GenAI in the next five years, with none foreseeing reduced reliance.
The report's findings underscore GenAI's importance in software
development. However, as organizations increasingly adopt it into their
CI/CD pipelines and software supply chains, they need to prioritize
security and improve oversight while boosting collaboration between
development and security teams.
To download the report, visit https://info.legitsecurity.com/survey-report-use-and-security-of-genai-in-software-development