Most companies use AI for security, not encryption
While many companies are using artificial intelligence for security purposes, there is a clear hesitation to use it for encryption, new research shows.
A report from JFrog found that despite nine in 10 integrating AI/ML-powered tools into security scanning and remediation efforts, only about a third (32%) report their organizations are using AI/ML for encryption.
This disparity highlights the cautious approach to using AI in the development process, likely because many are concerned about potential vulnerabilities that AI-generated code could introduce into enterprise software.
Companies are concerned about using AI for encryption
“DevSecOps teams around the world are navigating a volatile field of software security, where innovation often meets demand in an era of rapid AI adoption,” said Yoav Landman, CTO of JFrog.
While security remains a core consideration, the survey also revealed a divide over the optimal timing for security scans. About 42% believe that scanning while writing code is best, while 41% support pre-deployment scans for new software packages when they come from an open-source software repository.
The report also revealed how security appears to be hindering productivity, with around two in five saying approval to use a new package/library takes up to a week.
Additionally, the report raises concerns about the misinterpretation of Critical Vulnerability Severity Scores (CVSS) – despite 60% of security and development teams spending around a quarter of their time addressing vulnerabilities, while as many as three-quarters (74 %) of high or critical CVSS scores were found to be inappropriate in common scenarios.
Shachar Menashe, Senior Director of JFrog Security Research, summarizes: “Knowing where to place these tools, utilize their team’s time, and streamline processes is critical to keeping their SDLC secure.”
In an era increasingly characterized by cyber threats, informed decision-making and strategic resource allocation are more important than ever. Fortunately, the report also reveals a positive outlook: although threats are increasing, they may not be as serious (or at least to the same extent).