Martin Reynolds, Field CTO at Harness, explores how developer toil is set to triple as generative AI increases the volume of code that needs to be tested and remediated.

Harness today warns that the exponential growth of AI-generated code could triple developer toil within the next 12 months and leave organisations exposed to a bigger “blast radius” from software flaws that escape to production. Nine in ten developers are already using AI-assisted coding tools to accelerate software delivery. As this continues, the volume of code shipped to the business is increasing by an order of magnitude, and it is becoming difficult for developers to keep up with the need to test, secure, and remediate issues in every line of code they deliver. If they don’t find a way to reduce developer toil in these stages of the software delivery lifecycle (SDLC), it will soon become impossible to prevent flaws and vulnerabilities from reaching production. As a result, organisations will face an increased risk of downtime and security breaches.

“Generative AI has been a gamechanger for developers. Now, they can suddenly complete eight-week projects in four,” said Martin Reynolds, Field CTO at Harness. “However, as the volume of code developers ship to the business increases, so does the ‘blast radius’ if developers don’t rigorously test for flaws and vulnerabilities. AI might not introduce new security gaps to the delivery pipeline, but it does mean there’s more code being funnelled through existing ones. That creates a much higher chance of vulnerabilities or bugs being introduced unless developers spend significantly more time on testing and security. When developers discovered the Log4J vulnerability, they spent months finding affected components to remediate the threat. In the world of generative AI, they’d have to find the same needle in a much larger haystack.” 

Fighting fire with fire

Harness advises that the only way to contain the AI-generated code boom is to fight fire with fire. This means using AI to automatically analyse code changes, test for flaws and vulnerabilities, identify the risk impact, and ensure developers can roll back deployment issues in an instant. To reduce the risk of AI-generated code while minimising developer toil, organisations should:

  • Integrate security into every phase of the SDLC – developers should build secure, governed pipelines that automate every test, check, and verification required to drive efficiency and reduce risk. Applying a policy-as-code approach to the software delivery process will prevent new code from making its way to production if it fails to meet strict requirements for availability, performance, and security.
  • Conduct rigorous code attestation – the SolarWinds and MOVEit incidents highlighted the importance of extending secure delivery practices beyond an organisation’s own four walls. To minimise toil, IT leaders must ensure their teams can automate the processes needed to monitor and control open source software components and third-party artifacts, such as generating a Software Bill of Materials (SBOM) and conducting SLSA attestation.
  • Use generative AI to instantly remediate security issues – as well as enabling development teams to create code faster, generative AI can also help them to quickly triage and analyse vulnerabilities and secure their applications. These capabilities enable developers and security personnel to manage security issue backlogs and address critical risks promptly with significantly reduced toil.

Where to go from here

“The whole point of AI is to make things easier, but without the right quality assurance and security measures, developers could lose all the time they have saved,” argues Reynolds. “Enterprises must consider the developer experience in every measure or new technology they implement to accelerate innovation. By putting robust guardrails in place and using AI to enforce them, developers can more freely leverage automation to supercharge software delivery. At the same time, teams will spend less time on remediation and other workloads that increase toil. Ultimately, this reduces operational overheads while increasing security and compliance, creating a win-win scenario.”