Artificial Intelligence & Machine Learning , DEF CON , Events
AI-Generated Code: Benefits vs. Downsides
Chris Wysopal of Veracode on Addressing Vulnerabilities in AI-Assisted DevelopmentGenerative AI is transforming software development. But as with most technological advancements, companies fail to consider the downsides, said Chris Wysopal, co-founder and CTO of Veracode.
See Also: Why the Future of Security Is Identity
Studies show that 30% to 40% of AI-generated code contains vulnerabilities, about the same as human-generated code. As AI tools are trained on code created by humans, particularly open-source developers, they have learned to replicate that style, Wysopal said.
"If we have similar vulnerability density, but we're creating code at a faster rate, we, as security people, have to think about ending up with a secure application at the end of the day," he said.
In this video interview with Information Security Media Group at DEF CON 2024, Wysopal also discussed:
- Why automated security testing is crucial as AI-driven development accelerates code production;
- The potential for AI to self-inspect and address security flaws in generated code;
- The importance of curated datasets for training AI models on secure coding.
At Veracode, Wysopal oversees technology strategy and information security and is responsible for the company's software security analysis capabilities. Prior to co-founding Veracode in 2006, he was vice president of research and development at security consultancy @stake, which was acquired by Symantec.