Security

Artificial Intelligence Supports Secure DevOps

But AI can help threat actors too.

Tal Levi Joseph is vice president of product and engineering for application delivery management at OpenText.

With recent events resulting in significant security breaches and substantial downtime for companies around the world, it is more evident than ever that DevSecOps must become a common practice in the software and application development industry.

The aftermath of recent major incidents has been devastating, resulting in countless hours of downtime, hundreds of millions of dollars lost, wrecked company reputations, and extremely irate customers and end users. Compounding the risks prevalent today is the reality that each day brings new software development concerns and more sophisticated security threats.

It is becoming increasingly apparent that generative artificial intelligence can play a significant role in DevSecOps, now and in the future. Yet the impact of generative AI-powered DevSecOps goes beyond better security. It is reshaping the roles of IT professionals and making the software development lifecycle faster, more reliable and cheaper.

Click the banner below to learn how automation can help reduce DevOps challenges.

Why Security Is Foundational to Good DevOps

DevSecOps is the integration of software development, security and IT operations. This tech trinity enables security testing earlier in the SDLC, rather than at the end of the process, when it is much more difficult and costly to address vulnerabilities.

The implementation of DevSecOps requires planning the necessary infrastructure and application security and selecting the right tools at the beginning of the process. With proper implementation and the use of AI, the tools and processes will be able to provide better security and make the software development workflow more efficient by automating some steps and security gates.

DevSecOps removes the barriers that have siloed software development, cybersecurity and IT operations teams. If these disciplines are to be integrated, the teams must be a part of the process.

This collaboration is enhanced with the use of generative AI, which will allow teams to be more productive via faster development and testing rates. According to the 2024-25 World Quality Report by Capgemini and OpenText, 68% of respondents are using generative AI platforms to “improve their overall IT efficiency and accelerate their speed to market.” 68% of respondents are using Gen AI platforms to improve their overall IT efficiency and accelerate their speed to market.

85%

The share of leaders who say artificial intelligence increases DevOps efficiency

Source: Gartner, Hype Cycle for Software Engineering, 2023, August 2023

How AI Helps Software Developers

AI is beneficial in the quick production of code for routine tasks. While on the surface this may appear to take away work from engineers, it ultimately provides them with the opportunity to maximize the use of their skill sets by freeing them up to work on more complex projects and full system designs. AI also provides shortcuts and suggestions to expedite the development process.

One example of how AI is changing roles and outcomes is the way cybersecurity teams search for vulnerabilities. Instead of looking for weaknesses after code is written, cybersecurity teams are inserted into the software development process. By leveraging AI to inject governance into the SDLC, best practices are instituted earlier, decreasing a product’s time to market.

AI currently promotes the speed and efficiency of the development process, but the benefits should continue to grow as the capabilities of AI evolve and use cases expand. For example, AI will soon be able to reliably make recommendations on business strategy, providing insight into which initiatives to proceed with.

KEEP READING: Can businesses use AI to improve cyber defenses?

Why Cyberthreat Actors Love AI

While the implementation of DevSecOps and generative AI brings the benefits mentioned above and more, AI is also being used to deliver a new generation of cyberthreats. Last May, the FBI issued a warning about cybercriminals using AI to increase the speed, scale and automation of cyberattacks. According to the FBI, bad actors are using publicly available and custom-made tools.

“As technology continues to evolve, so do cybercriminals’ tactics. Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike,” said FBI Special Agent in Charge Robert Tripp in a press release. “These sophisticated tactics can result in devastating financial losses, reputational damage and compromise of sensitive data.”

Using AI, cybercriminals are enhancing traditional methods of attacks, such as phishing emails, and they are deploying threats using voice and video cloning techniques.

How To Fight AI-Powered Cyberattacks

The best way to prevent AI-fueled attacks from being successful or to limit the amount of harm is to implement DevSecOps and incorporate AI into every aspect of the SDLC. This is extremely beneficial for companies because it allows developers to address risks more quickly.

Perhaps more important, it paves the way for organizations to change from a reactive mindset to a proactive mentality in which the overall security posture is strengthened with real-time AI threat detection. A proactive approach also opens the door to faster innovation, which allows organizations to keep pace with or stay ahead of cybercriminals — and, as a bonus, their competitors. For example, implementing DevSecOps and using AI to find vulnerabilities reduces the need to test everything.

By implementing DevSecOps with AI, organizations can thrive from a business perspective while becoming more secure.

UP NEXT: What is Security as Code and how does it help software developers?

Weedezign/Getty Images