Gartner Research

Predicts 2024: AI & Cybersecurity — Turning Disruption Into an Opportunity

Jeremy D’Hoinne, Avivah Litan, Nader Henein, Mark Horvath, Akif Khan, Robertson Pimentel, Bart Willemsen, Dennis Xu, William Dupre

4 December 2023

Published 4 December 2023 - ID G00800663 - 27 min read

By Analyst(s): Jeremy D'Hoinne, Avivah Litan, Nader Henein, Mark Horvath, Akif Khan, Robertson Pimentel, Bart Willemsen, Dennis Xu, William Dupre

Initiatives: Cyber Risk; Meet Daily Cybersecurity Needs

Gartner predicts that AI will durably disrupt cybersecurity in positive ways, but also create many short-term disillusions. Security and risk management leaders need to accept that 2023 was only the starter for generative AI, and prepare for its evolutions.

Overview

Key Findings

■ Generative AI (GenAI) is the latest technology in a long line of proclaimed disruptive technologies promising to fulfill the ongoing desire for organizations to drastically increase productivity metrics for all teams via automation of tasks.

■ Today, most GenAI functions built into security products are focused on adding natural language interfaces to existing products to improve efficiency and usability, but promises of full automation start to appear. Past attempts to fully automate complex security activities, including using machine learning techniques, have rarely been entirely successful and can be a wasteful distraction today, and with short-term disillusions.

■ GenAI is at peak hype, driving very aggressive predictions based on the state of the technology today. This leads to unrealistic disruption claims, but also ignores next steps in GenAI evolution, such as multimodal models and composite AI.

■ The initial forays by cybersecurity vendors into generative AI offer only a limited glimpse of the technology's promise and might not be the best indication of what the future could be.

Gartner, Inc. | G00800663 Page 1 of 23

Recommendations

Security and risk management (SRM) leaders in charge of developing cybersecurity roadmap should:

■ Construct a multiyear approach for progressively integrating GenAI features and products when they augment security workflows. Start with application security and security operations.

■ Evaluate efficiency gains in tandem with the cost of GenAI implementations, and refine your detection and productivity metrics to account for new GenAI cybersecurity features.

■ Prioritize investments in AI augmentation of the workforce, not just task automation. Prepare for short-term increased spend and long-term skill requirements changes due to GenAI. Monitor potential shift in attack success due to GenAI.

■ Account for potential privacy challenges and balance expected benefits, with risks associated with cumulative cost in the valuation of large-scale GenAI adoption in security.

Strategic Planning Assumptions

By 2028, multiagent AI in threat detection and incident response will rise from 5% to 70% of AI implementations to primarily augment, not replace staff.

Through 2025, generative AI will cause a spike of cybersecurity resources required to secure it, causing more than a 15% incremental spend on application and data security.

By 2026, 40% of development organizations will use the AI-based autoremediation of insecure code from AST vendors as a default, up from less than 5% in 2023.

By 2026, attacks using AI-generated deepfakes on face biometrics will mean that 30% of enterprises will no longer consider such identity verification and authentication solutions to be reliable in isolation.

By 2028, the adoption of generative augments will collapse the skills gap, removing the need for specialized education from 50% of entry-level cybersecurity positions.

Analysis

What You Need to Know

Predictions are statements of Gartner’s positions and actionable advice about the future. This research highlights Gartner Predicts relevant for security and risk management leaders who have to navigate aggressive claims that GenAI is disrupting cybersecurity.

Past experiences lead to skepticism given previous “AI washing,” which caused expensive investments that didn’t deliver expected results.

In 4 Ways Generative AI Will Impact CISOs and Their Teams, Gartner gives recommendations on areas of immediate focus for security leaders:

■ Manage the consumption of hosted and embedded GenAI applications.

■ Update application security practices to AI applications, using AI trust, risk and security management (AI TRiSM) technologies.

■ Assess the first wave of GenAI announcements from cybersecurity providers, and put a plan to integrate new features and products when they are more mature.

■ Acknowledge that malicious actors will also use GenAI and be prepared for unpredictable changes in the threat landscape.

Excessive hype damages our perception of time and balance, but roadmap planning requires that cybersecurity leaders factor in all possibilities, without a strong fact base that balances cybersecurity realities with GenAI hopes or promises (see Figure 1).

Figure 1: Balancing Cybersecurity Reality with GenAI Hopes

The cybersecurity industry has long been obsessed with fully automated solutions. The hype surrounding GenAI already led to unrealistic promises, potentially damaging the credibility of longer-term improvements coming from future features and products.

2023 was the year of GenAI announcements, 2024 should be the year of minimum viable products; 2025 might be the first year of GenAI integration in security workflows delivering real value.

As stated in the Hype Cycle for Generative AI, 2023, “Several innovations have a five- to 10-year period to mainstream adoption.” This is the case for “autonomous agents” and

Gartner believes that cybersecurity leaders focusing on human augmentation will achieve better results than those jumping too quickly on solutions promising full automation.

In the shorter term, we’ll observe expansions of cybersecurity use cases from experiments of multimodal GenAI (i.e., learning from more than text content) and will improve our ability to measure productivity gains (see Innovation Insight: Multimodal AI Explained).

Strategic Planning Assumptions

Strategic Planning Assumption: By 2028, multiagent AI in threat detection and incident response will rise from 5% to 70% of AI implementations to primarily augment, not replace staff.

Analysis by: Jeremy D’Hoinne, Dennis Xu

Key Findings:

■ More than a third of the first wave of announcements on GenAI in cybersecurity relate to security operation activities. Touted capabilities range from basic interactive help prompts to new dedicated product announcements aimed at becoming the primary interface for incident response and posture assessments.

■ Full automation of threat detection, alert triage and incident responses are the “reach the moon” objectives of many threat detection, investigation and response (TDIR) initiatives.

■ History often repeats and GenAI sparks the same overly-optimistic hopes for security operations, similar to what unsupervised machine learning did for threat detection more than five years ago.

■ Conversely, teams with a higher maturity might imprudently dismiss generative cybersecurity AI, based on the early and immature implementations of large language models (LLMs) in the form of “SOC assistants” prompts.

Near-Term Flag:

Through 2024, less than a third of generative cybersecurity AI implementation will lead to security operation productivity improvements for enterprises, generating more spend.

By 2026, the emergence of new approaches, such as “action transformers,” combined with more mature GenAI techniques will drive semiautonomous platforms that will significantly augment tasks executed by cybersecurity teams.

Market Implications:

Building strong security operations is difficult, even for larger and well-funded organizations. Picking the right mix of tools, services and internal staff will suffer if cybersecurity teams invest time on tools that don’t deliver to their promise of automation.

We've observed this previously when implementations of unsupervised machine learning for threat detection promised to wipe out false positives and enable automated response. It took years for the tools to mature, and for security operation teams to tune them and narrow down automated blocking to the few use cases where it worked. With LLMs today — and autonomous agents, multimodal and foundation models in the future — organizations face a similar challenge. Early claims of GenAI awesomeness divert expectations from incremental improvements and team augmentation to less likely big shifts in automation, skill requirements and staff versus tool balance.

Gartner anticipates short-term GenAI disillusions, especially in 2024, where external pressure to increase security operation productivity will collide with low maturity features and fragmented workflows.

Symptoms of ill-prepared GenAI integration will include:

■ Absence of relevant metrics to measure GenAI benefits, combined with premium prices for GenAI add-ons.

■ Difficulties to integrate AI assistants in existing collaboration workflow within the security operation teams, or when partnering with a third-party security operation provider.

■ Quickly growing “prompt fatigue:” too many tools offering interactive interface to query about threats and incidents.

With time, new AI approaches — combined with other non-AI techniques where relevant — might bring security operations closer to autonomous decisions for identified use cases. Emerging AI techniques supporting this promise include:

■ Multiagent systems (MAS): Type of AI systems composed of multiple, independent but interactive agents.

■ Action transformers: Models that learn from human actions.

■ Autonomous agents: Self-prompting agents that can take actions based on LLMs recipes.

Although the myth of fully automated response and self-healing organizations might never truly turn into reality, Gartner believes that the combination of other techniques with multiagent approaches will have a big impact on security operations and security in general. Deployments aimed at both augmenting human tasks and adding precision and speed to human investigations will be more effective than single-technique AI analytics driving fully autonomous responses, such as automated containment for the foreseeable future.

Recommendations:

■ Navigate the chaos of newly announced GenAI features in security products by introducing business value-driven AI evaluation frameworks, which measure impact on tangible metrics such as speed, accuracy and productivity.

■ Run GenAI pilots primarily for incident response and exposure management use cases that are not real time in nature. Set realistic short-term objectives, such as false positive reduction or opportunities to extend staff recruitment to slightly less specialized profiles.

■ Protect the security operation team as much as possible from mandates originating outside of the security team to fully automate response and vulnerability treatment process. This will help avoid resistance when you need to implement promising GenAI techniques later.

■ Be lucid about security providers’ strategy to use GenAI as a claimed differentiator to promote large platforms leading to vendor lock-in.

■ Don’t neglect provider evaluation requirements to address privacy, copyright, traceability and explainability challenges.

Related Research:

4 Ways Generative AI Will Impact CISOs and Their Teams

Hype Cycle for Artificial Intelligence, 2023

Hype Cycle for Generative AI, 2023

Busting 4 Myths to Unlock More Cybersecurity Value

Strategic Planning Assumption: Through 2025, generative AI will cause a spike of cybersecurity resources required to secure it, causing more than a 15% incremental spend on application and data security.

Analysis by: Avivah Litan, Jeremy D’Hoinne

Key Findings:

■ Gartner research shows that most enterprises have not yet formalized acceptable use policies for GenAI, so security and risk managers do not yet have a framework for instituting technical controls.1

■ Integrating large language models (LLMs) and other types of models, such as foundation models in enterprise applications, bring new risks in three categories: content anomalies, data protection and AI application security.

■ Almost 90% of enterprises are still researching or piloting GenAI, and most of those have yet to put AI TRiSM (trust risk and security management) technical controls or policies in place.

■ Vendors hosting GenAI models do not always provide a complete set of controls that mitigate these risks. Instead, users need to acquire solutions that augment hosting vendors’ limited controls.

■ IT leaders must rely on hosting LLM vendors with protection of their data, without the ability to verify their security and privacy controls.

Market Implications:

The use of third-party hosted LLM and GenAI models unlocks many benefits, but users also must contend with new unique risks, requiring new security practices in three primary categories:

■ Content anomaly detection

  ■ Unacceptable or malicious use

  ■ Unmanaged enterprise content transmitted through prompts or other methods, resulting in compromise of confidential data inputs

  ■ Hallucinations or inaccurate, illegal, copyright-infringing and otherwise unwanted or unintended outputs that compromise enterprise decision making or can lead to brand damage

■ Data protection

  ■ Data leakage, integrity and confidentiality compromises of both content and user data in hosted vendor environment

  ■ Inability to govern privacy and data protection policies in externally hosted environments, or even contract service providers as data processors

  ■ Difficulty conducting privacy impact assessments and complying with various regional regulations, due to the black box nature of the third-party models and the mostly absent possibility to officially contract these model providers as data processors, following privacy legislative requirements

■ AI application security

  ■ Adversarial prompting attacks, including business logic abuses and direct and indirect prompt injections

  ■ Vector database attacks

  ■ Hacker access to model states and parameters

Our recent survey of over 700 webinar attendees on what GenAI risks they are most concerned about validated these risk categories — and highlighted that privacy and data loss are the top risks from IT leaders.1

These risks are exacerbated when using externally hosted LLM and other GenAI models, as enterprises lack capabilities to directly control their application processes and data handling and storage. However, the risks still exist in on-premises models hosted and directly controlled by the enterprise — especially when security and risk controls are lacking.

These three categories of risks confront users during runtime of AI applications and models. Figure 2 shows how these three risks affect AI model development and deployment, the AI model at runtime, plus the effect from AI risks in the IT supply chain. This includes training data, third-party models, code and libraries, and prompt and model integrations.

These new attack surfaces will drive enterprise security departments to spend time and money implementing GenAI security and risk management controls, such that application and data security spending will increase at least 15% through 2025.

Figure 2: Generative AI Attack Surfaces Across the AI Life Cycle

Gartner expects that many enterprises will initially acquire solutions that mitigate input/output risks through anomaly detection or secure AI applications to gain visibility into enterprise use of GenAI applications and models. This includes use of off-the-shelf applications, such as ChatGPT or interactions through other integration points like plug-ins, prompts or APIs. Getting their arms around enterprise interactions with GenAI is the first priority for organizations, and these products can provide a good map of those interactions. Once the map is established, core functions of mitigating risks and security threats can be gradually deployed. This all has major implications on security staffing and budgets; hence our prediction that security budgets will increase.

Recommendations:

■ Organize within and across your enterprise to manage new GenAI risks and security threats. Once organized, establish acceptable GenAI use policies for your enterprise, and enforce them on a continual basis in part using AI TRiSM technology.

■ Set up proofs of concept to test emerging AI TRiSM products, specialized in GenAI in the three new risk and security categories to augment your security controls, and apply them to production applications once they perform as required.

■ Use content anomaly detection products that mitigate input and output risks to enforce acceptable use policy, and prevent unwanted or otherwise illegitimate model completions and responses from compromising your organization’s decision making, safety and security.

■ Perform user awareness training to remind users to always validate the output of GenAI products for accuracy before incorporating them into business workflow.

■ Evaluate the use of AI application security products to protect your organization from hackers who exploit new GenAI threat vectors to damage your organization and its assets.

■ Continue to use known security controls to protect sensitive information, application stacks and assets, but recognize they don’t mitigate risks unique to LLMs, such as inaccurate, inflammatory or copyrighted outputs in responses.

Related Research:

4 Ways Generative AI Will Impact CISOs and Their Teams

Innovation Guide for Generative AI in Trust, Risk and Security Management

Generative AI Policy Template

Microsoft Azure OpenAI vs. OpenAI: Comparing GenAI Trust, Risk and Security

Quick Answer: How to Make Microsoft 365 Copilot Enterprise-Ready From a Security and Risk Perspective

Strategic Planning Assumption: By 2026, 40% of development organizations will use the AI-based auto-remediation of insecure code from AST vendors as a default, up from less than 5% in 2023.

Analysis by: Mark Horvath

Key Findings:

■ Although 80% of vendors offering Application Security Testing (AST) have some form of suggesting fixes to code based on security problems, (autoremediation), less than 5% of development organizations use it — in part because the solutions it offers are generally examples, rather than actual code fixes.

■ Developers complain that autoremediation suggested by code security tools (AST tools) often have adverse side effects on other aspects of their code, like performance and reliability. Because most developers have KPIs around these code aspects — and less stringent ones around security — they view these suggestions negatively.

■ Developers can feel overloaded by the number of plug-ins to their developer environment — each offering advice on a specific parameter (e.g., code quality assessments, performance and optimization suggestions, etc.). Any new additions to the Integrated Development Environment (IDE) will need to synthesize suggestions based on the input of more than one autocorrection tool.

Near-Term Flag: While many AI-based secure code assistants are planned or are in development, their adoption by real-world production teams in 2024, as opposed to pilots or proofs of concept (POCs), will be a leading indicator that they offer an advantage over existing systems.

Market Implications:

Currently, the application security testing market is centered around a handful of core tools used for determining elements of code security risk (e.g., SAST, DAST, IAST, SCA, IaC, etc.). Although they interface with developers on a daily basis, they are primarily security tools and were designed to be used by, and for, security professionals working with developers. They are often heavy in terms of technical security jargon and assume that developers have an understanding of the data, and are able to action it to reduce security risk. However, there is often a considerable gap between the security training that developers receive, and real-world code security issues that often don’t look like the examples they are taught.

Remediation guidance from standard AST tools is usually in the form of autocorrection, which works in ways similar to a spell checker (e.g., is this line formatted correctly)? Guidance to the developers is usually specific only to security, and only to the line or lines in question. It fails to provide a more comprehensive analysis of different aspects of the code in a larger context. This results in fairly generic advice, usually reflecting the OWASP top 10 as the basis of repair.

Large language models (LLMs) have the advantage that they are not only able to more easily deal with multiple code metrics like security, quality and reliability, they are very flexible in the way they can present the data and suggestions to developers. LLMs have the promise of being able to convert security jargon into an easier to understand format, leading to a better understanding of the issue and a more effective fix. The current generation of code security AIs offer a developer a choice of several different suggestions for addressing vulnerabilities, putting the developer in charge of picking the type of remediation that best fits into the application, thus preserving the “own your code” philosophy. This has several advantages:

■ AIs and people often work better together than either one alone. The AI assistant offers a broader (and potentially deeper) view of a vulnerabilities’ security posture, while the human understands the application’s context, goals and workflows. The AI assistant allows a better selection of possible remediations, while keeping the application’s function in mind.

■ By presenting multiple options to the developers, they can more easily recognize and filter out misidentifications/hallucinations from the AI assistant.

■ None of the autoremediation options available from AST tools effectively include parameters like performance, code quality, reliability etc., which are both important to development teams and well-correlated with security findings. New AI-based code assistants can optimize several variables beyond just security to give developers more motivation in line with their development KPIs.

Recommendations:

■ Most enterprises should not use generic LLMs like ChatGPT for code generation, code security scanning or secure code review, due to the higher error rates of tools not specific to security. Instead, rely on tools that offer enterprise grade security and governance controls for assisting developers with technical tasks like security.

■ Pilot no more than two or three different AI security code assistants to compare and contrast their capabilities. Though products are recently becoming commercially available, the market still has a long way to go before these are common tools. The current generation has strengths and weaknesses in different areas, so have development teams test them out to determine the most effective ones for your organization.

■ Maintaining the existing developer experience is critical to the successful adoption of any developer focused tools. Changes in workflow, experience or testing works against the “muscle memory” of developers and generates friction, which will frustrate developers who will then avoid using the tools.

■ Remember that these tools use an LLM, which will need periodic retraining. When choosing a vendor, ask specifically about privacy, data retention and retraining details to protect your IP. Ask about indemnification around IP loss, licensing issues with some code or accidentally re-using another company’s IP.

■ AI Coding Assistants are rapidly becoming a popular way for developers to write better code at a faster rate. Be sure to run Static Analysis (SAST) and Software Composition Analysis (SCA) on code that has been generated by AI. This will help ensure code quality, protect IP rights and cut down on AI mistakes and misrepresentations.

Related Research:

Quick Answer: Mitigating the Top Five Security Risks of AI Coding

Emerging Tech: Generative AI Code Assistants Are Becoming Essential to Developer Experience

Magic Quadrant for Application Security Testing

Hype Cycle for Application Security, 2023

Innovation Guide for AI Coding Assistants

Strategic Planning Assumption: By 2026, attacks using AI-generated deepfakes on face biometrics will mean that 30% of enterprises will no longer consider such identity verification and authentication solutions to be reliable
