Enterprises struggle to govern use of AI in development

No Comments

A new study from Checkmarx shows that 99 percent of enterprises are using AI code generation tools, yet only 29 percent have established any form of governance.

The survey of 900 CISOs and application security professionals worldwide finds 15 percent of respondents have explicitly prohibited the use of AI tools for code generation within their organizations.

"Enterprise CISOs are grappling with the need to understand and manage new risks around generative AI without stifling innovation and becoming roadblocks within their organizations," says Sandeep Johri, CEO at Checkmarx. "GenAI can help time-pressured development teams scale to produce more code more quickly, but emerging problems such as AI hallucinations usher in a new era of risk that can be hard to quantify. Checkmarx has successfully foreseen the problems that can arise with AI-generated code and we're proud to be delivering next-stage solutions within the Checkmarx One platform today."

Among other findings, 70 percent say there is no centralized strategy for generative AI, with purchasing decisions made on an ad-hoc basis by individual departments. 60 percent are worried about GenAI attacks such as AI hallucinations (where GenAI produces inaccurate or silly results), while 80 percent are worried about security threats stemming from developers using AI.

Although 47 percent of respondents say they're interested in allowing AI to make unsupervised changes to code, six percent say that they wouldn't trust AI to be involved in security actions within their vendor tools.

"The responses of these global CISOs expose the reality that developers are using AI for application development even though it can't reliably create secure code, which means that security teams are being hit with a flood of new, vulnerable code to manage," says Kobi Tzruya, chief product officer at Checkmarx. "This illustrates the need for security teams to have their own productivity tools to manage, correlate and help them prioritize vulnerabilities, as Checkmarx One is designed to help them do."

You can get the full report on the Checkmarx site.

Image credit: BiancoBlue/depositphotos.com

No Comments
Got News? Contact Us

Recent Headlines

Is your network future-proofed for the age of AI?

Save $9! Get 'Java and Algorithmic Thinking for the Complete Beginner' for FREE

Forget TeamViewer, RustDesk is the open-source alternative you've been looking for

Old habits, new threats -- Why more phishing attacks are bypassing outdated perimeter detection

Stealth mode browser helps spot sneaky phishing attempts

Satechi launches upgraded slim multi-port adapters with enhanced speed and power

Satechi unveils vegan-leather passport cover with Find My for secure and stylish travel

Most Commented Stories

Forget Windows 11, the stunning Windows 10 2024 Edition is the operating system you want

34 Comments

10 shocking reasons Windows 10 outshines Windows 11

22 Comments

Rectify11 update arrives to fix Windows 11 -- download it now

18 Comments

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.6.1

14 Comments

Microsoft is testing a change to the Windows 11 Start menu that you might actually like

14 Comments

Forget Microsoft Windows 11, the Chinese-made deepin Linux 23 is the operating system you really want

12 Comments

Microsoft is bringing ads to the Windows 10 Start menu, just like in Windows 11

11 Comments

Goodbye Windows 11, hello Linux: Discover how ExTiX Deepin 24.8 can free your computer from Microsoft

11 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.