Security AI shifts left into DevSecOps

DevSecOps tools such as GitLab's One DevOps Platform plan to inject AI into developer workflows to shore up secure coding, a shift IT pros and analysts say is timely as security AI becomes more popular. In IT and security operations, AIOps tools can reduce the number of alerts IT pros must respond to or narrow down the root cause of incidents as distributed cloud-native infrastructure grows more and more complex. The same kind of overload that's led IT ops teams to embrace artificial intelligence and machine learning has creeped into the developer side of the DevSecOps model as well, according to IT analysts. "Cloud services and modern software development processes, such as microservices application architectures, create a much greater scale of software releases and attack exposures," said Melinda Marks, an analyst at Enterprise Strategy Group, a division of TechTarget. "That, coupled with the cybersecurity skills gap, means that they are looking for ways to reduce tedious, manual tasks to work more efficiently and reduce staff burnout." The movement to shift security left into DevOps workflows is bringing along applications for AI assistance as well, from vendors such as Palo Alto Networks' Prisma Cloud and GitLab.