How AI is transforming the SDLC, from requirements to zero-days: Q&A with Neeraj Abhyankar of R Systems

How AI is transforming the development lifecycle [Q&A]

A hiring crunch is stretching teams thin and pushing product roadmaps off track. Many orgs are responding by rethinking the SDLC and handing repetitive work to AI, so engineers can ship better systems with fewer interruptions.

We spoke with Neeraj Abhyankar, VP of Data and AI at R Systems, to map out where AI actually delivers in the lifecycle, where it still trips up, and how teams can put it to work without risking quality.

Requirements: catch what's missing before it gets expensive

Early scoping misses are a silent tax. Using AI to analyze past projects, stakeholder notes, and domain docs helps surface implied requirements and edge cases you'd otherwise discover in UAT.

Teams are auto-generating user stories, flagging functional gaps, and building traceability matrices that tie requirements to tests and design elements. You still need humans for nuanced business logic and shifting priorities, but AI cuts noise and reduces rework.

• Mine historical tickets and specs to draft user stories and acceptance criteria.
• Generate a requirements-to-tests traceability matrix on day one.
• Run ambiguity checks on terminology and cross-team dependencies.

Developer productivity: assistants reduce grind, not judgment

The biggest lift is in repetitive work-boilerplate, refactoring, documentation, and stabilizing builds. Teams are also using agentic tools to optimize queries and clean up legacy code, which speeds onboarding and prototypes.

Where tools fall short: complex logic, long-range context across big codebases, and subtle bugs when suggestions are accepted blindly. Treat the assistant as a collaborator with guardrails, not a drop-in replacement.

• Enforce human-in-the-loop with code review gates for AI-suggested changes.
• Benchmark suggestions against unit tests and style/lint rules.
• Chunk large contexts; provide architectural notes and contracts for better outputs.

Security: integrate AI into testing, keep manual pen tests

Agent frameworks can simulate attack paths pre-release and expand SAST/DAST coverage. Unsupervised models spot behavioral anomalies for earlier zero-day signals, while custom benchmarks help test prompt injection and data leakage in AI-infused features.

This works best inside the CI/CD pipeline for continuous validation. Manual penetration testing still matters for creative abuse cases and chaining vulnerabilities.

• Add AI-driven SAST/DAST and dependency scanning to the pipeline.
• Create red-team prompts and abuse suites for LLM features; track results over time.
• Monitor anomaly patterns in runtime logs to flag suspicious behavior early.

Useful references: OWASP Top 10 for LLM Applications, NIST Secure Software Development Framework (SSDF).

Maintenance: from reactive fixes to proactive hygiene

Modern tools monitor for outdated libraries and known CVEs, then suggest-or in controlled cases, apply-patches automatically. Copilots can help with dependency resolution, regression testing, and performance tuning to lower toil and reduce incidents.

Automation still needs governance. Unchecked updates create instability, so pair semantic versioning with strong test coverage and clear approvals.

• Gate auto-upgrades behind canary builds and contract tests.
• Track dependency drift and set SLAs for critical patches.
• Schedule AI-assisted refactor passes to reduce technical debt quarterly.

The modern engineer: orchestrator of AI-driven workflows

Engineers now guide and evaluate AI, not just write code. Core skills include prompt design, agent integration, and model evaluation, plus comfort with APIs, semantic models, and orchestration frameworks.

Equally vital: critical thinking, ethical reasoning, and collaboration. Design systems for modularity and human oversight so automation amplifies, not overrides, engineering judgment.

• Develop prompt patterns and evaluation criteria for your domain.
• Instrument feedback loops: collect bad suggestions, retrain prompts/policies.
• Document risks and safeguards for model use across services.

If your team is leveling up on prompt design or AI workflows, see curated learning paths: Prompt engineering resources.

Rollout playbook: small steps, measurable wins

• Start with a pilot: one repo, one team, two use cases (e.g., refactoring and test generation).
• Define success metrics: PR cycle time, defect escape rate, MTTR, test coverage.
• Integrate into CI/CD with policy controls and audit logs.
• Create a review checklist for AI-generated code and documentation.
• Expand to security, then maintenance once quality signals are steady.

Bottom line

AI trims the toil across the SDLC-requirements clarity, code throughput, security coverage, and maintenance hygiene. Keep humans in the loop, wire quality checks into the pipeline, and iterate on benchmarks. The teams that pair speed with discipline will hit roadmap targets with fewer surprises.