DevOps
from InfoWorld, 3 days ago
9 application security startups combating AI risks
Governance and AI usage visibility are being treated as scalable infrastructure, requiring automation, unified logging, and policy frameworks across organizations.
While AI tools are lowering the barrier to development, the gap between speed and manageability is growing. In just over a year and a half, AI code assistants have grown from an experiment to an integral part of modern development environments. They are driving strong productivity growth, but organizations are not keeping up with the associated security and governance issues.
The Office of Management and Budget (OMB) issued Memorandum M-26-05, which officially revokes the 2022 policy known as M-22-18 and its 2023 companion policy, M-23-16. This reversal alters the governance landscape for enterprise architects and platform engineers who service federal contracts or align with federal standards. The previous directives mandated specific secure software development practices, including the widespread generation and maintenance of Software Bills of Materials (SBOMs).
AI-assisted developers produced three to four times more code than their unassisted peers, but also generated ten times more security issues. "Security issues" here doesn't mean exploitable vulnerabilities; rather, it covers a broad set of application risks, including added open source dependencies, insecure code patterns, exposed secrets, and cloud misconfigurations. As of June 2025, AI-generated code had introduced over 10,000 new "security findings" per month in Apiiro's repository data set, representing a 10x increase from December 2024, the biz said.