"Don't just launch an AI integration or deploy AI tools because it sounds cool," advises Cassius Rhue, VP, Customer Experience, SIOS Technology. "Understand the reasons, risks and rewards, and strategy behind your implementation. Be sure to understand all the costs for integration of these tools as well. These costs will go beyond just the price tag on the tool or service."
With this advice in mind, Part 12 of this series features expert recommendations on how to avoid the risks associated with using AI to support software development.
PLAN FOR RESISTANCE
Don't forget to consider the bad as well as the good. Plan for potential challenges to AI adoption, including employee resistance or concern.
Dotan Nahum
Head of Developer-First Security, Check Point Software Technologies
PROCEED WITH CAUTION
All tools, including AI tools leveraged in support of development, need to be used with care, handled with caution, and leveraged with some constraint. Don't discount the need for your team's native and natural intelligence remaining front and center of the development process.
Cassius Rhue
VP, Customer Experience, SIOS Technology
I recommend companies proceed with AI with extreme caution. AI, in my opinion, is just another tool in the toolbox, but its power and potential should neither be overstated nor underestimated. The desire to create efficiencies and save money will be a very strong driving force. However, I believe some early pioneers will suffer catastrophic disasters if they blindly dive in too deep. At a recent AI and cybersecurity meetup here in Toronto, one of the speakers gave some great advice: Introduce AI into your processes, but never remove human overview at any level. On top of fears that AI will make mistakes, or, worst-case fantasy scenario, take over like HAL 9000 did in the movie 2001: A Space Odyssey, there is also the danger of your AI being hijacked by a bad actor or cybercriminal.
Geoff Burke
Community Manager, Object First
UNDERSTAND HOW AI CAN FAIL
The development teams of the future will be building AI into their software, in addition to helping them program. So, they will need to be familiar with all the ways AI can fail. With AI, testing and debugging become even more important. Companies will need to understand that, and make sure that there is sufficient time to test, and that the programmers have the skills needed to test well. Programmers may spend less time writing code, but they'll have to spend more time thinking through all the corner cases, making sure that everything is tested. Don't underestimate the difficulty here: AIs don't make the same kinds of mistakes that we do. Techniques like fuzzing — testing with random input — may become the best way to find out where AIs have failed.
Mike Loukides
VP of Emerging Tech Content, O'Reilly Media
ESTABLISH GUARDRAILS
While this is all to the benefit of DevOps teams, it is vital to ensure AI guardrails are implemented across the board for security purposes. By doing so, DevOps teams can rest easy knowing they can remain focused on innovation while maintaining robust protection against evolving threats.
Eoin Hinchy
CEO and Co-Founder, Tines
Implementing a robust governance framework to oversee AI integration will help maximize benefits and mitigate any potential risks. Simply put, the easier it becomes to build apps using GenAI, the more crucial and central governance will become to IT's remit.
Jithin Bhasker
GM & VP for the App Engine Business, ServiceNow
As companies encourage implementation, it is crucial that customers implement strong governance frameworks and tools to avoid introducing new risks in their business from AI generated code. Adopting best practices is important, but establishing and enforcing these practices ensures adherence to standards and mitigates risks effectively.
Peter White
SVP of Emerging Products, Automation Anywhere
DEFINE AI USAGE POLICIES
The AI journey is one of perpetual learning. First and foremost, make sure your company has defined an AI usage policy and a standard set of criteria for evaluating new tools that utilize AI.
Todd McNeal
Director of Product Management, SmartBear
A key requirement is to implement an AI policy and ensure it's read and understood by everyone in the company, not just developers. This requires researching the most appropriate LLMs (MS, AWS, Google, etc.) for your organization.
Rupert Colbourne
CTO, Orbus Software
IMPLEMENT AN AI MANAGEMENT SYSTEM
Importantly, before AI integration progresses too far, companies should consider leveraging ISO 42001 to build a framework for an AI Management System (AIMS). This proactive approach to governing AI use can help ensure responsible and effective implementation, mitigate risks, and align AI initiatives with organizational goals and ethical standards. Establishing such a framework early can provide a solid foundation for scaling AI use in development processes.
Thomas Fou
VP of Compliance Services, BlueAlly
USE SAME OVERSIGHT AS YOU WOULD FOR HUMAN DEVELOPERS
The risks that come to mind for most people are along the lines of "what if AI writes inefficient code? Or code that the engineers don't understand fully?". That's 100 percent a consideration, but it's worth clarifying that I don't see it as a unique risk from AI. I'd argue that sometimes software engineers can write inefficient code, or code that their successor or peers don't fully understand when they leave the company. My advice is to make sure you still maintain the same type of systems with AI in the loop that you would for humans. This includes peer reviews, code documentation, and so on. Having humans in the loop, and accepting from time to time that you may need to adjust, correct, or intervene is key.
Jeff Hollan
Head of Applications and Developer Platform, Snowflake
FOCUS ON SECURITY
The security of organizations' IP is the most important thing. It's imperative that users don't sacrifice data security in the name of AI productivity.
Jeff Hollan
Head of Applications and Developer Platform, Snowflake
While AI is the shiny new thing all organizations are moving towards, it is important not to rush to capitalize on the benefits of AI. Too often companies overlook application security, leading to significant security gaps, especially at the application layer where sensitive data is most at risk. While executives recognize the need for a new security governance model for AI, only a small fraction of AI projects actually incorporate a security component, reflecting a clear gap.
Chetan Conikee
Co-Founder and CTO, Qwiet AI
EVALUATE YOUR DATA SECURITY
Understand your current data policies and where things are stored. What are the crown jewels that make your business tick? Are there proper controls around the human interaction itself as of right now? If not, then do not assume that AI will solve that for you. If your modern data controls aren't in place from a developer standpoint, then it is probably safe to assume there is now a higher risk once AI is supporting the building.
Sean Heide
Research Technical Director, Cloud Security Alliance
UTILIZE AI FOR PATCH MANAGEMENT
Implement smart patching solutions to address third-party vulnerabilities efficiently. AI-driven recommendations can help developers find and remediate software vulnerabilities quickly.
Javed Hasan
CEO and Co-Founder, Lineaje
ENSURE TRAINING DATA QUALITY
Data quality can be a great indicator of the tool's performance, so we advise verifying that the AI training data is clean, well-structured, and representative of your development processes.
Dotan Nahum
Head of Developer-First Security, Check Point Software Technologies
We should embrace this technology, but we need to do it safely. If machine models are only as good as the training data and methods used to teach them, generative AI models also need supervised training on curated datasets that protect privacy.
Chris Wysopal
Co-Founder and Chief Security Evangelist, Veracode
Don't be afraid to use AI for development but ensure that it's coming from trusted sources. AI providers must be clear and transparent about the data and methodology that is used to train their large language models. This applies across all AI-driven tools because the adoption and management of AI becomes significantly more difficult, expensive, and risky without such transparency. When AI models and tools are transparent by default, businesses can spend more time looking for solutions to their problems, rather than worrying about the reliability of the tools they're using.
Keri Olson
VP of Product Management, AI for Code, IBM
TREAT AI LIKE AN INTERN
For the time being I'd suggest treating AI for coding or test generation the same way you'd treat someone new on the team, new to your organization. Better yet maybe treat them like an intern or apprentice. Give them some work to do and check it thoroughly. Once you've done that, you'll start to learn what they're good and bad at and when to trust them.
Arthur Hicken
Chief Evangelist, Parasoft
TREAT AI RESPONSES AS SUGGESTIONS, NOT THE TRUTH
We need to be cautious and take it as a suggestion and never take a response as 100% truth.
Udi Weinberg
Director of Product Management, Research and Development, OpenText