Software development must balance speed with security as AI accelerates code creation
AI is forcing a reckoning in software development. Teams can now generate code faster than humans can review it, creating a gap between development velocity and security assurance. The challenge: building trusted software that ships quickly without cutting corners on security.
Eight themes emerged from conversations with development leaders and security experts about how teams are adapting to this shift.
1. Container images are the new security battleground
In containerized environments, the image sits at the core of software delivery. Enterprises responding to demands for speed and scale are stripping images down to essentials: reducing packages, shrinking runtime footprint, and cutting vulnerabilities at the source.
Security must become nearly invisible to developers, protecting the delivery pipeline without slowing engineering teams down.
2. AI both outpaces and enables auditing
Developers once worked line by line. AI has turned software creation into a much faster process that can now exceed human review capacity. The industry faces a paradox: AI is both the problem and the solution.
Teams must use AI and secure pipelines to scale review and ensure software is safe to ship.
3. Security extends beyond containers to all software components
Hardened container images alone are no longer sufficient. Security now covers library artifacts across Python, Java, and JavaScript, plus new efforts to help teams use AI tools safely without increasing risk.
Trusted software must secure the full chain of components, not just the container.
4. Human judgment remains irreplaceable
AI tools are helpful but imperfect, especially in regulated environments. They may not always provide correct guidance or understand which requirements take priority.
Organizations still need experts who can translate compliance frameworks, like NIST 800-53, into practical architecture and security implementations that satisfy audits and improve actual security.
5. Shift-left security becomes a workflow change
Moving security checks earlier in the development lifecycle requires more than new tools. It demands culture and process change.
Effective implementations build guardrails and unified developer platforms that make one interface the standard path for creating images, repositories, and code across the full software development lifecycle.
6. AI agents may become essential for faster problem resolution
Current diagnostic processes will not keep pace as software teams move faster. Deployment failures still take too long to diagnose and resolve at the root cause.
AI and agents will become increasingly important in helping platform engineering teams identify problems faster and fix them with greater speed and precision.
7. The SDLC itself must evolve for the AI era
Software development has continued to accelerate, but that pace has made security more complicated. Organizations need a modern, secure development process built around trusted open-source components and responsible AI adoption.
8. Supply chain risk has reached the board level
Software supply chain security is no longer only an engineering concern. The past year has sharpened awareness of how much open source is embedded across organizations and how AI helps attackers find exploits faster.
That growing sense of risk has pushed supply chain security higher into the C-suite, with organizations recognizing that exposure begins throughout the development process, not just in production.
The path forward
Automated software factories, where development pipelines operate more like assembly lines, represent the competitive advantage ahead. These systems can deliver code faster without sacrificing consistency or security.
Human oversight remains necessary. But as teams adopt AI for software development, the standard for trust is getting more rigorous. Security must be built in from the start, not bolted on at the end.