A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Secure AI Tool Adoption: Perceptions and Realities Breadcrumb Home Insights Blog Secure AI Tool Adoption: Perceptions and Realities January 24, 2025 In a recent report on organizational AI readiness, security and software development technologists, from top management to application developers, were surveyed on how their companies had prepared for and adopted generative AI coding tools. While organizations felt ready and believed AI coding tools and AI-generated code were safe, they failed to undertake some basic steps for secure adoption. Within the ranks, those close to the code have greater doubts about AI safety than those higher up in management. This survey included 459 IT professionals globally, including roles such as CTO, CISO, developer, engineer and application security (AppSec). Less Than 20% of Organizations Conducted AI Tool POCs Despite the standard practice of running proof of concept (POC) exercises before deploying new technologies, less than 20% of organizations followed this step for AI coding tools. The broad availability and low entry barriers of these tools likely contributed to their ad hoc adoption without running a POC to identify risks and design adequate security guardrails. While many organizations added security measures, over one-third did not, suggesting a perceived adequacy in their existing practices or a belief that AI tools do not introduce significant new risks. This was surprising, given the radical change AI-generated code introduces into the software development lifecycle. C-suite More Positive on AI Readiness Than Others C-suite respondents exhibited great confidence in their organization's readiness for AI coding tools, with 40.3% rating their organization as "extremely ready" compared with 26% of AppSec team members and 22.4% of developers. This confidence may reflect the pressure on technology leadership to implement AI tools rapidly. It also might reflect that leadership does not work directly with AI coding tools and does not consistently review AI code, so it has little direct knowledge of the downside risks. AppSec Most Worried About “Bad” AI Code and Security Policies AppSec teams are twice as likely as developers and engineers to rate AI-generated code security as "bad." Conversely, C-suite respondents are more optimistic, with 29.8% rating it as "excellent." This discrepancy suggests again that those responsible for fixing and securing code are more aware of the vulnerabilities and errors introduced by AI tools. AppSec practitioners are three times more likely to describe their organization's AI security policies as "insufficient" compared to C-suite respondents. This indicates a gap between those developing and enforcing security policies and those overseeing broader technology adoption. Security Fears Are the Biggest Barrier to AI Adoption While nearly everyone said AI for code is inevitable, a significant percentage cited ongoing concerns. Across all respondent groups, security fears are identified as the most significant barrier to adopting AI coding tools, with roughly 58% expressing this concern. This largely contradicts other survey findings that AI-generated code is mostly secure. The shared concern about security underscores the need for robust policies, measures and more specific planning and criteria on adoption practices. Conclusion: Room for Improvement in AI Adoption and Security Practices The majority of organizations are adopting AI coding tools. AI-generated code is becoming an accepted part of the software development lifecycle, deeply embedded in developer workflows. However, AI coding tools are novel and may introduce serious risks. This reality is expressed by more substantial concerns about AI code and coding tools among developers and AppSec practitioners, even as the C-suite remains overwhelmingly positive on AI coding. To ensure AI coding risk is adequately understood and managed, CTOs, CISOs and their teams should create AI adoption playbooks and criteria and build a more systematic approach to introducing new AI-powered tools for code and technology management. Recommended steps include: Implementing formal POC processes for AI tools Prioritizing feedback from AppSec teams regarding code security and tool risks Ensuring everyone touching the tools and code receives sufficient training Collecting and analyzing instances of flawed AI-generated code to inform security and QA processes Conducting regular surveys to align views on AI readiness and security across all groups By: Micah Silverman Director, Security Advocacy | Snyk Micah Silverman leads security advocacy for Snyk. With 29 years of Java experience and 20 years as a security professional, he's authored numerous articles, co-authored a Java EE book and spoken at many conferences. Share: Optiv Snyk AI Artificial Intelligence Generative AI AI coding Application Security AI readiness Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Optiv Security: Secure greatness.® Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
Would you like to speak to an advisor? Let's Talk Cybersecurity Provide your contact information and we will follow-up shortly. Let's Browse Cybersecurity Just looking? Explore how Optiv serves its ~6,000 clients. Show me AI Security Solutions Show me the Optiv brochure Take me to Optiv's Events page Browse all Services