5 Critical Security Risks to Watch Out for When Using AI Tools in Development
Published on: March 10, 2024
A recent report by Snyk indicates that about 96% of developers are employing AI tools, despite acknowledging potential security concerns. The report, based on a survey of 537 software engineering and security team members and leaders, sheds light on the widespread use of generative AI tools in the development process.
While these AI tools have shown a tendency to create insecure code, the report reveals that 96% of development teams continue to use them, with over half utilizing AI tools regularly. Additionally, a surprising 79.9% of respondents admitted to bypassing their organization's security policies to employ AI in their work.
Simon Maple, Principal Developer Advocate at Snyk, expressed concern over this trend, stating, 'It was surprising to me to see that it was that high.' He emphasized the importance of addressing the security risks associated with AI tooling.
One of the key issues highlighted in the report is the lack of automation in security processes. Only 9.7% of respondents reported that their teams automated 75% or more of security scans. This deficiency in automation leaves a significant gap in security measures, especially as AI adoption accelerates.
Despite the acknowledged insecurity of code suggestions from generative AI, the report suggests that many developers place excessive trust in these AI systems. This misplaced trust can lead to security vulnerabilities, as AI-generated code may not be as secure as assumed.
The report also points out that the widespread use of AI in software development contributes to open-source security challenges. It highlights that only 24.6% of organizations use software composition analysis to verify the security of AI-generated code suggestions.
Furthermore, the report warns about a potential feedback loop where insecure open-source suggestions from AI tools go unchecked, leading to security issues both in the organization's codebase and the AI systems themselves. The report calls for increased education and the use of industry-approved security tools to address these concerns.
In conclusion, the report underscores the need for a balanced approach to AI adoption in software development. While AI tools offer efficiency gains, developers should remain vigilant about security and not blindly trust AI-generated code. Education and automation are key to mitigating the associated risks and ensuring secure AI development.