Amazon Web Services (AWS) announced the launch and general availability of Amazon Q Developer plugins for Datadog and Wiz in the AWS Management Console.
Industry experts offer thoughtful, insightful, and often controversial predictions on how DevOps and related technologies will evolve and impact business in 2024. Part 6 covers AI's impact on DevOps and development.
Start with: 2024 DevOps Predictions - Part 1
Start with: 2024 DevOps Predictions - Part 2
Start with: 2024 DevOps Predictions - Part 3
Start with: 2024 DevOps Predictions - Part 4
Start with: 2024 DevOps Predictions - Part 5
AI-Generated Vulnerabilities
AI will play a significant role in generating code, allowing for faster development with fewer human resources. But as code inevitably becomes more like open-source software, AI-generated vulnerabilities will become a bigger concern. The speed at which AI-assisted developers work will underscore the importance of enhanced application visibility and security, as developers may lack the full understanding of their AI-generated output.
Shahar Man
Co-Founder & CEO, Backslash Security
According to one Stanford study into developer use of AI tooling, it is likely that unskilled developers using this technology will become dangerous. The study claimed that participants who had access to AI assistants were more likely to introduce security vulnerabilities for the majority of programming tasks, yet also more likely to rate their insecure answers as secure. This poses a significant issue; poor developers will be enabled to introduce security issues faster, and if anything, this will only increase the need for security-skilled developers with the knowledge and expertise to code securely and use AI technology safely.
Matias Madou
Co-Founder and CTO, Secure Code Warrior
Overconfidence in Generative AI code will lead to generated AI vulnerabilities. As more and more developers use generative AI to successfully help build their products, 2024 will see the first big software vulnerabilities attributed to AI generated code. The success of using AI tools to build software will lead to overconfidence in the results and ultimately a breach that will be blamed on the AI itself. This will lead to a redoubling across the industry of previous development practices to ensure that all code, written by both developers and AI, is analyzed, tested, and compliant with quality and security standards.
Phil Nash
Developer Advocate, Sonar
FACING THE CHALLENGES OF AI-ASSISTED CODE DEVELOPMENT
2024 will produce significant challenges to AI-assisted code development. In 2024, we will reach a threshold where we've tampered and experimented enough with AI across the SDLC that there will be an incident, a mistake, that will force enterprises to pay attention to end-to-end governance and the consequences of not having AI policies in place. DevOps teams need guidance on what they are allowed and not allowed to do with the tools they're using, with the guidance standardized into paved paths.
Wing To
GM of Intelligent DevOps, Digital.ai
The risks and challenges that come from bad code that have plagued organizations for years will be a top agenda item for the C-suite and Boards in the new era of AI. The truth is that most organizations are likely unaware of the issues that spin out from bad code … Companies are embracing GenAI so they don't get left behind, but they can't trust AI blindly. While it can speed up and democratize the process of millions — if not billions — more lines of code to be generated, this doesn't come without issues like bugs and errors, lack of readability and maintainability, as well as security and copyright problems. I don't foresee a near-term solution to this in 2024, so it is up to business leaders to ensure their developer teams are creating code that is consistent, intentional, adaptable, and responsible.
Tariq Shaukat
Co-CEO, Sonar
The need for human quality control over code will remain steadfast and grow larger as we find a balance of fast production with quality. I would say that "trust, but verify" is the slogan to live by in the year ahead, as I don't foresee a near-term solution to some of the problems that come with AI, such as hallucinations and lack of understanding of logical flow.
Olivier Gaudin
CEO and Co-Founder, Sonar
Businesses will grapple with the risks inherent in using AI technologies like copyright infringement, IP rights, security threats, and the like. Knowledge attrition is another major concern, particularly for developers who may avail themselves of AI to write code. Since that knowledge will no longer need to be retained, many will become more dependent on AI and the market will favor those who are adept at using it.
Lior Koriat
CEO, Quali
AI WON'T REPLACE NEED FOR CLEAN CODE
As AI-assisted code solutions gain steam in the software development space, those who believe it will replace the need for code quality assurance checks will likely be in for a rude awakening. While it will certainly support developer productivity and will help those greener in the field boost their skills — and even those returning to it — it is not truly functioning at that level yet ... AI-assisted code cannot, and will not, replace the need for developers to clean as they code, ensuring that code is maintainable, reliable, and secure. Human or AI-generated, this approach should be a part of every organization's software development process to ensure all code is fit for the purpose and is continuously clean. With every company's success dependent on the strength of its software, Clean Code should be a top priority if they want to succeed and reduce risk to their business.
Olivier Gaudin
CEO and Co-Founder, Sonar
TEAM COLLABORATION MAKES BIGGER IMPACT THAN AI-ENABLED PROGRAMMER PRODUCTIVITY
We'll witness a proliferation of AI-enabled tools that promise to improve programmer productivity. Many of them will deliver on the promise but towards the end of the year we'll begin to realize that, in complex and agile software efforts team collaboration has an even bigger impact than individual productivity.
Esko Hannula
SVP, Product Management, Copado
DEMAND FOR SENIOR DEVELOPERS TO KEEP AI IN CHECK
Less experienced developers, unlike more technically astute senior developers, may not be able to spot the shortcomings of code generated by AI-assisted code. I expect we'll see the demand for more senior developers increase, to help keep AI in check/oversee its involvement.
Olivier Gaudin
CEO and Co-Founder, Sonar
DEVOPS FOCUS ON PLANNING AND TESTING
The adoption of GenAI will increase the focus on the planning and Testing phases of DevOps. Planning because a well written requirement is needed for your copilot to generate the proper code. Testing, because reliance on GenAI will require that we verify the resulting code even more thoroughly than today. The tests will likely be generated from the same requirements, so this means planning is even more important.
David Brooks
SVP of Evangelism, Copado
AI Makes Progressive delivery essential
Just as software teams have begun to hone practices for getting reliable, observable, available applications running at scale, generative AI is changing everything we know about these methods thanks to its non-deterministic nature. In other words, 1+1 can equal infinity. Therefore, next year, we'll see developers start to account for infinite change when building, testing, training, retesting, and delivering new features built on AI/ML models. This will make the practice of progressive delivery even more essential for success when delivering applications at scale.
Rob Zuber
CTO, CircleCI
DEVELOPERS ACCOUNTABLE FOR AI SPEND
As AI experimentation continues to increase exponentially, with the AI bill growing alongside it, monitoring and observability tools will become mandatory for every dev team. Developer teams will be required to answer for AI spend; CFOs will not accept unbounded and unpredictable costs for much longer and there will be added pressure to prove the return on investment. So, tools that can provide insights, guardrails, and monitoring for AI deployments, especially in the experimentation phase, are going to be a critical tool in every dev team's AI arsenal.
Rita Kozlov
Senior Product Director, Cloudflare
Go to: 2024 DevOps Predictions - Part 7, covering the impact of AI on DevOps and development.
Industry News
vFunction released new capabilities that solve a major microservices headache for development teams – keeping documentation current as systems evolve – and make it simpler to manage and remediate tech debt.
Check Point® Software Technologies Ltd. announced that Infinity XDR/XPR achieved a 100% detection rate in the rigorous 2024 MITRE ATT&CK® Evaluations.
CyberArk announced the launch of FuzzyAI, an open-source framework that helps organizations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models.
Grid Dynamics announced the launch of its developer portal.
LTIMindtree announced a strategic partnership with GitHub.
Solace announced the addition of micro-integrations to its event-driven integration and streaming platform, Solace PubSub+ Platform.
GitGuardian has unveiled its NHI Security strategy, a transformative approach to securing the explosive growth of NHIs and the secrets they depend on.
Linkerd announced the release of Linkerd 2.17, a new version of Linkerd that introduces several major new features to the project: egress traffic visibility and control; rate limiting; and federated services, a powerful new multicluster primitive that combines services running in multiple clusters into a single logical service.
Amazon Web Services (AWS) announced new capabilities for Amazon Q Developer, a generative AI assistant for software development, that take the undifferentiated heavy-lifting out of complex and time-consuming application migration and modernization projects, saving customers and partners time and money.
OpenText announced a strategic partnership with Secure Code Warrior to integrate its dynamic learning platform into the OpenText Fortify application security product suite.
Salesforce announced a series of updates for Heroku, a platform as a service (PaaS) offering that enables teams to build, deploy, and scale modern applications entirely in the cloud.
Onapsis announced the expansion of its Control product line to include a new bundle that enhances application security testing capabilities for SAP Business Technology Platform (BTP).
Amazon Web Services announced new enhancements to Amazon Q Developer, including agents that automate unit testing, documentation, and code reviews to help developers build faster across the entire software development process, and a capability to help users address operational issues in a fraction of the time.
Amazon Web Services (AWS) and GitLab announced an integrated offering that brings together GitLab Duo with Amazon Q.