Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Most companies are using AI for security, not coding

Representational image of a dynamic computer network.

Although many companies are employing artificial intelligence for security purposes, there’s a marked hesitance to adopt it for coding, new research has claimed.

A report from JFrog revealed that despite nine in 10 integrating AI/ML-powered tools in security scanning and remediation efforts, only around a third (32%) indicated that their organizations use AI/ML for coding.

This disparity highlights the cautious approach towards using AI in the development process, likely because many are concerned about potential vulnerabilities that AI-generated code could introduce to enterprise software.

Companies are worried about using AI for coding

“DevSecOps teams worldwide are navigating a volatile field of software security, where innovation frequently meets demand in an age of rapid AI adoption," JFrog CTO Yoav Landman commented.

While security remains a core consideration, the study also revealed a divide regarding the optimal timing for security scans. Around 42% believe scanning during code writing is best, while 41% advocate for pre-deployment scans on new software packages when bringing them from an open-source software repository.

The report also revealed how security seems to be hindering productivity, with around two in five saying that approval to use a new package/library takes up to one week.

Furthermore, the report raises concerns about the misinterpretation of Critical Vulnerability Severity Scores (CVSS) – despite 60% of security and development teams dedicating around a quarter of their time to addressing vulnerabilities, as many as three-quarters (74%) of high or critical CVSS scores were found to be inappropriate in common scenarios.

Shachar Menashe, Senior Director of JFrog Security Research, summarizes: “Knowing where to put those tools, use their team’s time, and streamline processes is critical to keeping their SDLC secure.”

In an era increasingly characterized by cyber threats, informed decision-making, and strategic resource allocation are more important than ever. Fortunately, the report also reveals a positive outlook – while threats are increasing, severity may not be (or at least to the same degree).

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.