DEVOPSdigest

In the history of how Generative AI (GenAI) moved from bleeding-edge technology to the core of enterprise operations, 2024 was a banner year. GenAI traffic surged by over 890%, driven by maturing AI models, increased automation, and tangible productivity gains. What this banner year also shows is that organizations are trying out new approaches that embed AI in daily workflows. Organizations across the globe that are integrating GenAI into daily workflows are seeing productivity gains translate into an incremental economic impact of up to 40%.

A recent Palo Alto Networks report highlights the dual nature of GenAI tools: their success in areas like writing, testing, and deploying code, and the new risks they introduce, such as data exposure and malicious code generation. For DevOps teams, the key to success will be to leverage GenAI's power while ensuring control, security, and accountability.

Adoption Patterns of GenAI in App Development

The top GenAI use cases accounting for 73.5% of transactions — instances of AI usage or queries — today aren't specific to developers. These are the applications nearly every user in an organization can benefit from: writing assistants (34%), conversational agents (28.9%), and enterprise search (10.6%). Each person has an opportunity to change their daily work thanks to these innovations.

Beyond those more general use cases, developers are clearly power users, since AI developer platforms make it to the fourth spot with over 10% of all GenAI usage. These platforms offer developers real-time support by automating repetitive tasks and accelerating the software development lifecycle. AI copilots are increasingly integrated into the development environment, enabling developers to focus on more creative tasks and problem solving while AI handles the rest.

The impact of GenAI tools is widespread, though developers in different industries are adopting at a variety of rates. Those industries that require a bit of collaboration with humans, like doctors, financial regulators, or lawyers, have AI in some of their workflows, but robust adoption is further off.

Industries with fewer human touchpoints have been fertile ground for GenAI apps. High-tech and manufacturing sectors, for instance, together account for nearly 39% of GenAI coding transactions. In manufacturing, GenAI tools are used to rapidly prototype designs, automate quality inspections, and optimize supply chains. In high tech organizations, they help teams deliver software faster and with fewer bugs, freeing engineers to focus on innovation rather than maintenance.

Emerging Risks

Yet, the same tools that help people to work smarter and faster can also introduce systemic risks if not properly governed. Threat actors can manipulate AI agents through techniques like prompt injection, altering the memory and behavior of GenAI tools to produce flawed outputs or gain unauthorized access to enterprise systems.

These risks require that developers remain vigilant, understanding that while GenAI can enhance productivity, it can also be exploited when not properly secured. The takeaway for developers is clear: every GenAI tool introduces potential vulnerabilities, and understanding how these tools process and store data is essential to making decisions that keep organizations secure.

The average organization has about 66 GenAI apps in use, and of those, an average of 6.6 are classified as high-risk due to weak security controls that leave them open to data leaks and compliance failures. When that's paired with the fact that high tech organizations transferred roughly 53 GB of downloads and 14 GB of uploads per company to apps in the "Code Assistant and Generator" category in 2024, the degree of risk becomes apparent.

These facts are especially concerning given that researchers were able to exfiltrate sensitive data from code-generating conversational apps with a nearly 10% success rate. To offset these risks, developers need to scrutinize how their tools handle data and enforce strict usage policies. They must be aware of the risks associated with AI developer platforms, including data exposure, malicious code execution, and legal uncertainties around generated content.

As adoption grows, so does the need for secure development practices. Developers should prioritize tools that offer transparency, auditability, and compliance features, and work closely with security teams to vet third-party GenAI tools before integration.

Pitfalls in AI-Driven Development Workflows

As GenAI tools become more sophisticated, they also become more opaque. Just one example is the emerging trend of "vibe coding," where developers and non-developers rely on AI to generate code based on non-technical prompts. While vibe coding can accelerate development, how AI-generated code works under the hood is largely unknown to the prompter. Without visibility, developers will have a harder time debugging, auditing, and securing outputs.

The risks extend beyond code quality. AI-generated outputs can make use of insecure libraries or even embedded vulnerabilities. Without rigorous validation, these issues can spread throughout systems, leading to security breaches. Between potential quality issues and new vulnerabilities, employees are more likely to expose intellectual property, personal data, and other sensitive data.

For developers, the key is to treat AI-generated code as a starting point, not a final product. Every suggestion should be reviewed, tested, and validated before deployment. Developers must also advocate for transparency in AI tools, demanding features that allow them to trace the origin and rationale behind generated code. In this new era of AI-driven development, understanding how the tools work under the hood is not optional.

While GenAI apps present numerous risks to developers, they can be mitigated by understanding how the tools work, and being familiar with their flaws. GenAI will have immense upside across industries, secure usage of GenAI becomes even more critical. Knowing what's at stake is a great place to start.