At the tip of the current iceberg were concerns about security vulnerabilities, copyright protection, insufficient training, and AI underutilization.

In a June 2023 survey of 1,001 individual contributors and leaders in development, IT operations, and security across a mix of industries and business sizes worldwide on social media channels and email lists on AI and DevSecOps trends, a sizeable group of respondents were showing an “adoption dilemma”.

The dilemma here comprises concerns by respondents that AI-generated code may introduce security vulnerabilities and the code may not be subject to the same intellectual property/copyright protection as that of human-generated code.

Also, the survey data indicated a discrepancy between organizations’ and practitioners’ satisfaction with AI training resources: despite 75% of respondents indicating that their organization provided training and resources for using AI, a roughly equal proportion noted they were finding resources on their own, suggesting that the available resources and training may be insufficient.

Other findings include:

    • 83% of respondents indicated that implementing AI in their software development processes was essential to avoid falling behind; however 79% noted they were concerned about AI tools having access to private information or intellectual property
    • 40% of all respondents cited security as a key benefit of AI adoption, with 40% of security professionals polled being concerned that AI-powered code generation will increase their workload
    • 90% of respondents reported using AI in software development or planned to do so; 81% indicated they needed more training to use AI in their work
    • 75% of polled developers’ time was being spent on tasks other than code generation, suggesting that code generation is only one area where AI can add value

According to David DeSanto, Chief Product Officer, GitLab, which commissioned the survey: “The transformational opportunity with AI goes way beyond creating code. For AI’s full potential to be realized, it needs to be embedded across the software development life cycle, allowing everyone involved in delivering secure software — not just developers — to benefit from the efficiency boost.”