How AI is Changing Secure Code Development
Chris Wysopal, chief security evangelist at Veracode, highlights that AI is reshaping software development. Companies like Google and Microsoft report that 30% of their code now comes from AI, boosting developer productivity by 50%. While this increase in efficiency is impressive, it also brings new security challenges.
More code means more potential vulnerabilities. Wysopal explains that AI-generated code is about as secure as human-written code, since the models learn from the existing body of developer code, flaws included. The defect density stays the same, but it now applies to a much larger volume of code produced much faster, so the absolute number of vulnerabilities introduced over time rises with it.
Using AI to Fix AI-Generated Code
Ironically, the answer to this problem lies in AI itself. Veracode employs large language models trained specifically on secure versus insecure code examples. These models can detect problematic code patterns and suggest or apply fixes, essentially using AI to remediate AI-generated vulnerabilities.
This approach helps manage the security risks associated with increased code velocity, making it easier to keep up with vulnerability remediation without slowing down development.
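The article does not show what the "problematic code patterns" or the fixes look like in practice. As an added illustration that is not Veracode's tooling and not from the interview, the hand-written rule below stands in for the secure-versus-insecure distinction such a model is trained on: it parses Python source, flags `cursor.execute(...)` calls whose SQL is assembled at run time (f-string, concatenation, `%` or `.format()`), and for the f-string case rewrites the query into a parameterized template with the interpolated expressions pulled out as bind parameters. The two snippets are constructed here; the first is the kind of code an assistant might emit, the second the remediated form.

```python
import ast

# Constructed samples (not from the interview): the first shows the kind of
# SQL-building pattern a coding assistant may emit, the second the remediation.
INSECURE_SNIPPET = '''
def find_user(cursor, username):
    query = f"SELECT id, email FROM users WHERE name = '{username}'"
    cursor.execute(query)
    return cursor.fetchone()
'''

SECURE_SNIPPET = '''
def find_user(cursor, username):
    query = "SELECT id, email FROM users WHERE name = ?"
    cursor.execute(query, (username,))
    return cursor.fetchone()
'''


def _dynamic_kind(node):
    """Name the run-time string construction used for `node`, or None if static."""
    if isinstance(node, ast.JoinedStr):
        return "f-string"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return "concatenation"
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        return "%-formatting"
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return ".format()"
    return None


class _ExecuteFinder(ast.NodeVisitor):
    """Collect `.execute(sql)` calls whose SQL argument is assembled at run time."""

    def __init__(self):
        self.assigned = {}   # simple `name = <expr>` bindings seen so far
        self.findings = []   # (lineno, kind, sql node)

    def visit_Assign(self, node):
        if len(node.targets) == 1 and isinstance(node.targets[0], ast.Name):
            self.assigned[node.targets[0].id] = node.value
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Attribute) and func.attr == "execute" and node.args:
            sql = node.args[0]
            if isinstance(sql, ast.Name):            # follow `query = ...`
                sql = self.assigned.get(sql.id, sql)
            kind = _dynamic_kind(sql)
            if kind is not None:
                self.findings.append((node.lineno, kind, sql))
        self.generic_visit(node)


def parameterize(joined):
    """Rewrite an f-string SQL node as (template with ? placeholders, [param exprs])."""
    parts, params = [], []
    for value in joined.values:
        if isinstance(value, ast.Constant):
            parts.append(value.value)
        elif isinstance(value, ast.FormattedValue):
            parts.append("?")
            params.append(ast.unparse(value.value))
    template = "".join(parts)
    # A value that was wrapped in SQL quotes ('{x}') must lose them, otherwise
    # the driver would send the literal string "?" instead of a placeholder.
    return template.replace("'?'", "?").replace('"?"', "?"), params


def suggest_fixes(source):
    """Return [(lineno, kind, template, params)]; template/params are None when
    the pattern is flagged but not rewritten automatically."""
    finder = _ExecuteFinder()
    finder.visit(ast.parse(source))
    fixes = []
    for lineno, kind, sql in finder.findings:
        if kind == "f-string":
            template, params = parameterize(sql)
            fixes.append((lineno, kind, template, params))
        else:
            fixes.append((lineno, kind, None, None))   # needs a manual rewrite
    return fixes


def scan(source):
    """Return [(lineno, kind)] for every execute() call fed a run-time-built query."""
    return [(lineno, kind) for lineno, kind, _, _ in suggest_fixes(source)]


if __name__ == "__main__":
    for lineno, kind, template, params in suggest_fixes(INSECURE_SNIPPET):
        print(f"line {lineno}: {kind} -> {template!r} with params {params}")
```

The rule only follows a single direct assignment to the query variable and only rewrites the f-string form; concatenation and `%`/`.format()` construction are reported for a manual fix. That narrowness is the point of contrast with the article: a fixed rule covers the patterns its author anticipated, whereas a model trained on secure and insecure examples is meant to generalize across the many ways the same flaw is written.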
Progress in Fixing Software Flaws
Veracode's State of Software Security report shows a positive trend. Over the past decade, the rate of flaw remediation improved slowly, by about 1% per year. In the last five years that improvement accelerated to roughly 20% per year. Better tooling and more skilled development teams are driving the change.
Additional Challenges in Software Security
In a recent interview at RSAC Conference 2025, Wysopal shared insights on several key topics:
- The rising influence of regulatory and market demands on software security practices.
- Effective strategies for managing vulnerability backlogs without halting development.
- Why fixing vulnerabilities in third-party open-source components often takes longer than addressing first-party code issues.
About Chris Wysopal
At Veracode, Wysopal focuses on promoting strong security practices and building relationships across the industry. He co-founded Veracode after serving as vice president of R&D at @stake, a security consultancy acquired by Symantec. Wysopal was also part of The L0pht hacker group and among the first to highlight software insecurity risks publicly.