Lack of Security in AI Technologies: The Urgent Need for Governmental Regulation and Developer Assistance

Lack of Security in AI Technologies: The Urgent Need for Governmental Regulation and Developer Assistance

Security Journey, a company dedicated to empowering organizations to build secure applications, has recently released a report titled "Closing the Security Gap in AI." The report, based on a roundtable discussion featuring leading voices in application security, development, and AI, highlights the growing gap between how software is built and how it is secured due to AI-driven development.

According to the report, Security Journey's approach emphasizes a security-first mindset in software development. By strengthening foundational knowledge and fostering a security-first mindset, Security Journey helps teams address vulnerabilities at the source. The company's programmatic approach to secure coding education is designed to bridge the gap between security and development, creating a culture of secure software development.

Key Steps to Close the Security Gap

The report outlines six key steps organizations must take to close the security gap caused by AI-driven development:

1. Integrating Security into AI Development Processes: Organizations need to embed security measures directly into the AI software development lifecycle. This involves adapting secure coding practices when using AI-assisted tools to prevent the rise of untested or context-lacking code that increases vulnerabilities.
2. Enhancing AI Governance and Policy: Establishing clear governance frameworks for AI use, including policies on AI-generated code ownership and responsible use, is essential to manage risks related to AI-assisted development.
3. Building a Security Culture Around AI: Fostering cultural frameworks that promote daily security awareness and responsibility among developers helps bridge the secure coding skills gap and mitigate risks introduced by rapid AI adoption in coding.
4. Addressing New Security Models for Agentic AI: Since AI agents (autonomous AI systems) introduce novel attack surfaces through dynamic tool selection and decision-making, security must evolve to include layered protections that cover build processes, access/authentication management, and real-time trust relationships management beyond traditional identity and access control systems.
5. Adopting Preventative Security Measures: Moving away from reactive security toward simpler, more robust preventative approaches helps reduce risks in complex AI-driven environments, ensuring resilience against emerging AI-related threats.
6. Improving Testing and Observability: Leveraging AI-native testing platforms that maintain robust end-to-end coverage through visual and adaptable testing strategies, alongside enhanced observability and monitoring, helps catch issues early and ensures AI-driven applications remain secure during rapid development cycles.

Security Journey's Offerings

Security Journey offers an extensive library of video-based lessons and hands-on coding exercises in sandbox environments. The company's mission is to help organizations build security into their code. Dustin Lehr, AppSec Advocate at Security Journey, states that the pressure to adopt AI is accelerating, and it's a "people problem," requiring equal emphasis on education, governance, training, support, and a culture that empowers secure choices.

The full report can be downloaded for further insights and recommendations. For more information about Security Journey and its offerings, visit www.securityjourney.com. The focus of Security Journey is on teaching developers and everyone in the software development lifecycle how to build secure applications.

1. The Security Journey report suggests that to bridge the security gap in AI-driven development, organizations should adopt a security-first mindset by integrating security measures directly into their AI software development lifecycle.
2. Dustin Lehr, from Security Journey, asserts that as the pressure to adopt AI increases, it's crucial to address this as a "people problem," focusing on education, governance, training, support, and a culture that encourages secure choices.
3. Security Journey's approach to closing the security gap revolves around their programmatic approach to secure coding education, which aims to foster a security-first mindset among developers and bridge the gap between security and development.
4. The Security Journey report emphasizes the importance of improving testing and observability, recommending the use of AI-native testing platforms for robust end-to-end coverage during rapid development cycles in order to catch potential issues early.
5. In the realm of data-and-cloud-computing, organizations can leverage Security Journey's offerings, which include a comprehensive library of video-based lessons and hands-on coding exercises, to develop secure cloud applications and enhance their overall security posture.

Read also: