In this summary of a recent SC webcast, Neil Gerard, Cyber Security Manager at Deloitte, Clinton Herget, Field CTO at Snyk, and host Mike Shema discuss how the age of AI is yet again reinventing what it means to be a software builder.
From code writers to problem solvers
The discussion highlighted a pivotal shift: engineers are no longer just code writers, but problem solvers who must adapt to a world where AI handles much of the routine development.
Herget emphasized that while productivity gains from AI-generated code are undeniable, the shift brings long-term risks like technical debt and inconsistent documentation. Gerard noted that AI excels at specialized tasks, such as creating security monitoring tools or generating API specifications. However, he cautioned against deploying AI-generated code in full-scale applications due to concerns about efficiency, maintainability, and hidden vulnerabilities. Both agreed that human engineers remain essential—particularly in managing context, problem-solving, and ensuring that AI outputs align with business and security goals.
Guardrails, AppSec, and the security mandate
Both experts warned that AI coding engines amplify old risks and introduce new ones. Gerard likened the problem to open-source projects: the volume of bugs may rise sharply as more AI-generated code enters production. Herget pointed to specific dangers, including prompt injection, data exfiltration, and non-deterministic behavior that could expose organizations to attack.
In this new landscape, Application Security (AppSec) teams must evolve from gatekeepers to enablers. Gerard described the importance of guardrails—embedding policies and security checks directly into AI workflows to enforce standards early. Herget echoed this, noting that AppSec’s role is shifting toward guiding development teams with technical rules and risk postures rather than blocking releases.
The webcast closed with a clear call to action: Security leaders and engineers must experiment with AI safely, understand its limitations, and prepare for a future where managing multiple AI agents and their interactions becomes as critical as writing secure code itself. In the age of AI-driven development, success depends on embracing change while never losing sight of security.