"Don't just launch an AI integration or deploy AI tools because it sounds cool," advises Cassius Rhue, VP, Customer Experience, SIOS Technology. "Understand the reasons, risks and rewards, and strategy behind your implementation. Be sure to understand all the costs for integration of these tools as well. These costs will go beyond just the price tag on the tool or service."
With this advice in mind, Part 12 of this series features expert recommendations on how to avoid the risks associated with using AI to support software development.
PLAN FOR RESISTANCE
Don't forget to consider the bad as well as the good. Plan for potential challenges to AI adoption, including employee resistance or concern.
Dotan Nahum
Head of Developer-First Security, Check Point Software Technologies
PROCEED WITH CAUTION
All tools, including AI tools leveraged in support of development, need to be used with care, handled with caution, and leveraged with some constraint. Don't discount the need for your team's native and natural intelligence remaining front and center of the development process.
Cassius Rhue
VP, Customer Experience, SIOS Technology
I recommend companies proceed with AI with extreme caution. AI, in my opinion, is just another tool in the toolbox, but its power and potential should neither be overstated nor underestimated. The desire to create efficiencies and save money will be a very strong driving force. However, I believe some early pioneers will suffer catastrophic disasters if they blindly dive in too deep. At a recent AI and cybersecurity meetup here in Toronto, one of the speakers gave some great advice: Introduce AI into your processes, but never remove human overview at any level. On top of fears that AI will make mistakes, or, in a worst-case fantasy scenario, take over like HAL 9000 did in the movie 2001: A Space Odyssey, there is also the danger of your AI being hijacked by a bad actor or cybercriminal.
Geoff Burke
Community Manager, Object First
UNDERSTAND HOW AI CAN FAIL
The development teams of the future will be building AI into their software, in addition to helping them program. So, they will need to be familiar with all the ways AI can fail. With AI, testing and debugging become even more important. Companies will need to understand that, and make sure that there is sufficient time to test, and that the programmers have the skills needed to test well. Programmers may spend less time writing code, but they'll have to spend more time thinking through all the corner cases, making sure that everything is tested. Don't underestimate the difficulty here: AIs don't make the same kinds of mistakes that we do. Techniques like fuzzing — testing with random input — may become the best way to find out where AIs have failed.
Mike Loukides
VP of Emerging Tech Content, O'Reilly Media
ESTABLISH GUARDRAILS
While this is all to the benefit of DevOps teams, it is vital to ensure AI guardrails are implemented across the board for security purposes. By doing so, DevOps teams can rest easy knowing they can remain focused on innovation while maintaining robust protection against evolving threats.
Eoin Hinchy
CEO and Co-Founder, Tines
Implementing a robust governance framework to oversee AI integration will help maximize benefits and mitigate any potential risks. Simply put, the easier it becomes to build apps using GenAI, the more crucial and central governance will become to IT's remit.
Jithin Bhasker
GM & VP for the App Engine Business, ServiceNow
As companies encourage implementation, it is crucial that customers implement strong governance frameworks and tools to avoid introducing new risks in their business from AI generated code. Adopting best practices is important, but establishing and enforcing these practices ensures adherence to standards and mitigates risks effectively.
Peter White
SVP of Emerging Products, Automation Anywhere
DEFINE AI USAGE POLICIES
The AI journey is one of perpetual learning. First and foremost, make sure your company has defined an AI usage policy and a standard set of criteria for evaluating new tools that utilize AI.
Todd McNeal
Director of Product Management, SmartBear
A key requirement is to implement an AI policy and ensure it's read and understood by everyone in the company, not just developers. This requires researching the most appropriate LLMs (MS, AWS, Google, etc.) for your organization.
Rupert Colbourne
CTO, Orbus Software
IMPLEMENT AN AI MANAGEMENT SYSTEM
Importantly, before AI integration progresses too far, companies should consider leveraging ISO 42001 to build a framework for an AI Management System (AIMS). This proactive approach to governing AI use can help ensure responsible and effective implementation, mitigate risks, and align AI initiatives with organizational goals and ethical standards. Establishing such a framework early can provide a solid foundation for scaling AI use in development processes.
Thomas Fou
VP of Compliance Services, BlueAlly
USE SAME OVERSIGHT AS YOU WOULD FOR HUMAN DEVELOPERS
The risks that come to mind for most people are along the lines of "what if AI writes inefficient code? Or code that the engineers don't understand fully?". That's 100 percent a consideration, but it's worth clarifying that I don't see it as a unique risk from AI. I'd argue that sometimes software engineers can write inefficient code, or code that their successor or peers don't fully understand when they leave the company. My advice is to make sure you still maintain the same type of systems with AI in the loop that you would for humans. This includes peer reviews, code documentation, and so on. Having humans in the loop, and accepting from time to time that you may need to adjust, correct, or intervene is key.
Jeff Hollan
Head of Applications and Developer Platform, Snowflake
FOCUS ON SECURITY
The security of organizations' IP is the most important thing. It's imperative that users don't sacrifice data security in the name of AI productivity.
Jeff Hollan
Head of Applications and Developer Platform, Snowflake
While AI is the shiny new thing all organizations are moving towards, it is important not to rush to capitalize on the benefits of AI. Too often companies overlook application security, leading to significant security gaps, especially at the application layer where sensitive data is most at risk. While executives recognize the need for a new security governance model for AI, only a small fraction of AI projects actually incorporate a security component, reflecting a clear gap.
Chetan Conikee
Co-Founder and CTO, Qwiet AI
EVALUATE YOUR DATA SECURITY
Understand your current data policies and where things are stored. What are the crown jewels that make your business tick? Are there proper controls around the human interaction itself as of right now? If not, then do not assume that AI will solve that for you. If your modern data controls aren't in place from a developer standpoint, then it is probably safe to assume there is now a higher risk once AI is supporting the building.
Sean Heide
Research Technical Director, Cloud Security Alliance
UTILIZE AI FOR PATCH MANAGEMENT
Implement smart patching solutions to address third-party vulnerabilities efficiently. AI-driven recommendations can help developers find and remediate software vulnerabilities quickly.
Javed Hasan
CEO and Co-Founder, Lineaje
ENSURE TRAINING DATA QUALITY
Data quality can be a great indicator of the tool's performance, so we advise verifying that the AI training data is clean, well-structured, and representative of your development processes.
Dotan Nahum
Head of Developer-First Security, Check Point Software Technologies
We should embrace this technology, but we need to do it safely. If machine models are only as good as the training data and methods used to teach them, generative AI models also need supervised training on curated datasets that protect privacy.
Chris Wysopal
Co-Founder and Chief Security Evangelist, Veracode
Don't be afraid to use AI for development but ensure that it's coming from trusted sources. AI providers must be clear and transparent about the data and methodology that is used to train their large language models. This applies across all AI-driven tools because the adoption and management of AI becomes significantly more difficult, expensive, and risky without such transparency. When AI models and tools are transparent by default, businesses can spend more time looking for solutions to their problems, rather than worrying about the reliability of the tools they're using.
Keri Olson
VP of Product Management, AI for Code, IBM
TREAT AI LIKE AN INTERN
For the time being I'd suggest treating AI for coding or test generation the same way you'd treat someone new on the team, new to your organization. Better yet maybe treat them like an intern or apprentice. Give them some work to do and check it thoroughly. Once you've done that, you'll start to learn what they're good and bad at and when to trust them.
Arthur Hicken
Chief Evangelist, Parasoft
TREAT AI RESPONSES AS SUGGESTIONS, NOT THE TRUTH
We need to be cautious and take it as a suggestion and never take a response as 100% truth.
Udi Weinberg
Director of Product Management, Research and Development, OpenText
Go to: Exploring the Power of AI in Software Development - Part 13: More Recommendations