AI-Assisted Development Replicates Human Error: What’s Your Strategy for AI Governance and Risk Management?
Agentic’s artificial intelligence focuses on business operations at lightning speed. With the promise of delivering unprecedented productivity (and pushed by CEOs and CIOs who see AI as the key to competitiveness), AI ambassadors have become “pilots” for almost every developer. As a result, AI-powered codes are popping up everywhere.
But the hidden dangers of current agent AI implementations are piling up almost as quickly as the code. AI agents do a great job of predicting the next line of code, but they don’t understand the security implications of the code being built. In many cases, by automating production as a reliable driver, they increase human error by suggesting insecure patterns that fast-paced developers adopt without a second thought. The ability of AI agents to operate automatically only accelerates the problem.
It’s moving faster with smart technology like home thermostats, cameras, and travel booking assistants, BeyondTrust Senior Security Advisor Morey Haber said recently. “In the next year, almost every technology we use will be connected to agent AI,” he said.
According to a the latest report from GartnerThe widespread use of shadow AI and rogue automation is driving the rise of AI vulnerability. Gartner notes that 32% of IT professionals who use productive AI tools at work say they keep them hidden from cybersecurity teams. Combined with low-code/no-code platforms and vibe coding practices, AI copywriters greatly expand the attack surface of the enterprise.
AI Risks Are Growing
If high-speed development practices are not enough, the use of agent AI is also driven from the top, where managers seem to have strong faith in what AIs can do, when Gartner found that 79% of IT leaders expect significant benefits. They easily turn customized AI chatbots into AI agents by connecting them with APIs and tools. This increases the risk because only 14% of IT leaders say they are confident that data and content are ready for human interaction with AI. CISOs are often powerless to prevent these programs.
Other survey conducted by PagerDuty found that 81% of managers are willing to allow autonomous systems to take action in the event of a security breach, system outage, or other problems. That finding underscores the disconnect between agent AI expectations and reality: 96 percent of managers say they are confident they can detect and mitigate AI failures before they impact operations, or 84 percent have already experienced AI-related outages. Currently, Capgemini research found that only 27% of organizations now say they rely on independent agents fully, down from 43% last year.
The truth is that AI does not create new risks; it replicates the bad habits found in the large dataset it’s trained on. In fact, it increases human error. If organizations don’t change their approach to AI development, we risk flooding our collections with insecure AI-generated code that continues to expand the enterprise attack surface.
How CISOs Can Stem the Tide
CISOs are completely helpless in bringing automated AI implementations under control. But they must act quickly to implement a layered monitoring system that minimizes vulnerabilities in line with their risk tolerance.
Prioritize Developer Risk Management: AI agents may introduce vulnerabilities into the environment, but it starts with human developers. A comprehensive developer risk management plan that addresses appropriate learning methods, AI guardrails, and technology stack visualization and traceability is required to prepare developers to review the security of their work. Developer education and skill development in security best practices, including the use of benchmarks to track progress in acquiring new capabilities, will be critical to ensuring the security of both developer-generated code and AI. It’s an important part of developers who end up reaping the benefits of AI coding tools and agents.
Inventory Shadow AI: Controlling AI agents starts with knowing what you have and where they are. Deep observation in AI assistant development is essential, enabling you to see which developers are using large-scale language models (LLMs) and which code bases.
Gaining deep visibility into AI agents also allows organizations to prioritize relative risk, depending on the type of agent (embedded, autonomous) and the risk level of the projects they are working on. A comprehensive list is also important for implementing effective access controls, which are necessary for security. Gartner predicts that by 2029, more than half of successful cybersecurity attacks against AI agents will use access control issues with immediate or indirect injection.
Focus on Governance: By automating policy implementation, you can ensure that AI assistant developers meet secure development standards before their work is accepted into critical repositories.
A Secure Foundation is the Key to Success
AI-assisted development is here to stay because the productivity benefits are too great to ignore. But the unrestrained use of AI agents has multiplied vulnerabilities in the code, leading to a huge risk that many enterprise security systems are not sufficiently prepared to protect themselves.
A comprehensive, advanced program based on visibility, visibility, governance and developer development can reverse the trend and propel organizations toward successful implementation of AI-assisted automated development. Gartner estimates that CIOs and CISOs who work with business leaders to implement structured security programs will see the best results. That partnership could, according to Gartner, lead to a 50% reduction in serious cybersecurity incidents by 2028, as the number of advanced AI systems grows by 20% over the same period.
