Most developers (85%) and security teams (75%) have security concerns over relying on GenAI to develop software.
BOSTON, Massachusetts – November 19, 2024 – Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today announced the release of a new survey report, “Use and Security of GenAI in Software Development.” The report captures the perspectives of security and development professionals to uncover concerns about visibility into GenAI use and approaches to managing it. Its findings revealed that both teams face critical security challenges when using GenAI in software development.
“As generative AI transforms software development and becomes increasingly embedded in the development lifecycle, there are some real security concerns among developers and security teams,” said Liav Caspi, Co-Founder and CTO at Legit. “Our research found that teams are challenged with balancing the innovations of GenAI and the risks it introduces by exposing their applications and their software supply chain to new vulnerabilities. While GenAI is undoubtedly the future of software development, organizations must be mindful of its new risks and ensure they have the appropriate visibility into and control over its use.”
GenAI is quickly changing the software development process by automating tasks that once took developers hours, if not days, to complete, bolstering efficiency and productivity. Eighty-eight percent of developers report using it within their development organization, reflecting a broad shift in how development teams augment their capabilities with AI to meet tight deadlines and complex project demands. Despite the high rate of adoption, security is a critical concern. For instance, previous research by Legit revealed that LLMs and AI models contain bugs and vulnerabilities that can lead to AI supply chain attacks.
The report’s key findings include:
- Increased Use of GenAI in Software Development: 96% of security and software development professionals report that their companies use GenAI-based solutions for building or delivering applications. Among these respondents, 79% report that all or most of their development teams regularly use GenAI.
- Code Assistant Use Is Worrying: 84% of security professionals are concerned about using code assistants and cite unknown and/or malicious code as their primary concern.
- Growing Concerns Over GenAI Security: 98% believe that security teams need a better handle on how GenAI-based solutions are used in development. 94% report they need more effective ways to manage GenAI use in their company's research and development efforts.
- Apprehension on GenAI Over-Reliance: 85% of developers and 75% of those in security have security concerns over relying too much on GenAI solutions to develop software.
- Developers Fear Loss of Critical Thinking: More developers than security professionals report concern over loss of critical thinking due to AI use in development (8% vs. 3%).
- GenAI is the Future: 95% of respondents predict that software developers will be more reliant on GenAI in the next five years, with none foreseeing reduced reliance.
The report’s findings underscore GenAI's importance in software development. However, as organizations increasingly adopt it into their CI/CD pipelines and software supply chains, they need to prioritize security and improve oversight while boosting collaboration between development and security teams.
To download the report, visit https://info.legitsecurity.com/survey-report-use-and-security-of-genai-in-software-development
Methodology
The survey, conducted by Regina Corso Consulting on behalf of Legit Security, gathered insights from over 400 security professionals and software developers across various industries in North America. Respondents were drawn from companies of all sizes, from small tech startups to large multinational organizations, all dealing with the integration of AI into their software development processes.
About Legit Security
Legit is a new way to manage your application security posture for security, product, and compliance teams. With Legit, enterprises get a cleaner, easier way to manage and scale application security and address risks from code to cloud. Built for the modern SDLC, Legit tackles the most challenging problems facing security teams, including GenAI usage, proliferation of secrets, and an uncontrolled dev environment. Fast to implement and easy to use, Legit lets security teams protect their software factory from end to end, gives developers guardrails that let them do their best work safely, and delivers metrics that prove the security program's success. This new approach means teams can control risk across the business – and prove it.
Media Contact for Legit Security:
Michelle Yusupov
Hi-Touch PR
443-857-9468