In Episode 111 of Cybersecurity Minute, Chris Hughes covers a new report on cybersecurity and artificial intelligence (AI) code generation from Snyk, which is included in the Acceleration Economy Top 10 Shortlist for Cybersecurity Providers.
Highlights
00:21 — Snyk, a cloud-native security company focused on application security, software supply chain security, and other capabilities, released a report on AI-generated code.
01:05 — The report found that AI code generation tools regularly recommend vulnerable open source software libraries. This means the tools do not necessarily recommend the best library from a security perspective. Additionally, developers were found to have a false sense of security regarding AI code generation tools.
02:19 — 75% of developers also say they believe AI code is more secure than human code. However, code scanning tools are finding something different. Another finding is that 80% of developers surveyed admitted to using these tools to circumvent security policies.
03:02 — Less than 25% of those surveyed said they use tools such as software composition analysis to identify vulnerabilities in AI-generated code. This means they are using these tools to circumvent policies.
04:04 — Although these AI code generation tools are widely adopted and used, security is not a key consideration. They may be able to produce code and products faster, but they may also produce vulnerabilities and vulnerable code faster.