AI in DevSecOps: Moving from A Co-Pilot to An Autopilot

By Stephen Chin, VP of Developer Relations, JFrog

What do autonomous driving and software (SW) development have in common? At first glance, not much. But when taking a closer look under the hood you’ll begin to see some similarities, especially in the evolutionary path towards underlying targets. Development teams won’t become “passengers” per se, but the traditional roles and responsibilities of the personas involved in designing, creating, securing, distributing, and operating SW will begin to shift. To connect the dots, let’s begin by delving into the concept of autonomous driving and then relate it back to SW development.

The concept of autonomous driving has been around for years, and what once seemed like a futuristic concept is today’s reality. At their core, autonomous vehicles (AVs) are aimed at minimizing human errors in traffic, which account for ~90% of accidents today. The fundamental premise of AVs is that they should outperform an average human driver. Importantly, self-driving technology has the potential to free up an extremely valuable resource: time. This enables people to devote their focus to more gratifying pastimes instead of being tied up in traffic.

Two critical enablers for autonomous driving are Edge and AI: empowering vehicles to process IoT sensors’ data within the vehicle itself and by doing so, enabling real-time operations. This capability is crucial for any mission-critical applications. Attempting to manually program the machine to handle every possible driving scenario becomes an impractical endeavor. Instead, the vehicle must dynamically learn from its environment. The intelligence of an AV hinges on the availability of various IoT sensor data, allowing the creation of a digital representation (a twin) of the physical world. The more diverse the data, the more sophisticated AI systems can be deployed.

When observing the evolution path of autonomous driving, we can notice a gradual reduction in human involvement at each stage. The AV framework includes 6 levels of automation ranging from 0 (fully manual) to 5 (fully autonomous).

  • No automation: the driver retains complete control of all driving tasks.
  • Driver assistance: the vehicle incorporates a single automated system that allows the driver to take their foot off the pedal.
  • Partial automation: the vehicle becomes capable of handling steering and acceleration, allowing the driver to take their hands off the wheel.
  • Conditional automation: the vehicle can control most driving tasks, enabling the driver to take their eyes off the road while still maintaining supervision.
  • High automation: the vehicle performs all driving tasks under specific conditions, giving the driver the opportunity to take their mind off the road while remaining alert.
  • Full automation: the vehicle can independently handle all driving tasks under any conditions. This transforms the driver into a passenger, completely freeing their mind from all driving responsibilities.

The benefits of AI in SW Development largely mirror those seen in autonomous driving: minimizing human errors and freeing up time for more creativity-intensive work. Since human resources are often the costliest aspect of SW development, organizations are incentivized to adopt AI-based systems that can enable them to do more with less.

Closer examination of the SW development evolution path reveals striking similarities to the advancements in autonomous driving, namely a gradual reduction in human involvement at each stage of evolution:

  • In the early 2000s, SW Development had little to no automation. Human control was required at every stage of the SW Development Lifecycle (SDLC), making the process largely manual. Issues were often identified by customers rather than internal teams.
  • Fast forward to the mid-2010s, we witnessed the rise of Containerization, Cloud Computing, and DevOps, leading to increased automation and efficiency throughout the SDLC. Routine tasks and procedural decisions were automated based on predefined (hard-coded) policies and “if-then” rules in areas such as testing, code review and CI/CD. This allowed R&D teams to focus on creative aspects of their work with increased productivity – enabling “guided steering and acceleration”. Development cycles shortened based on agile principles, bridging Dev and Ops. Issue management and resolution started to shift from reactive to adaptive with more seamless coordination across teams. The majority of issues could be detected and fixed before customers even became aware.
  • Today, Generative AI is taking SW development to new levels of efficiency and innovation. Automation extends far beyond routine tasks, as GenAI-based solutions enable the creation of new content through a seamless human-to-machine dialogue. Efficiency gains are only just beginning to unfold as AI can act as an inexhaustible assistant (Copilot) throughout the SDLC by providing suggestions, explaining issues, generating code, monitoring processes, scanning repositories, providing predictions, and augmenting quick decision-making. This will further accelerate and increase the overall code creation, translating into more SW builds, more SW to be secured, and more frequent updates to the runtime. As we add embedded AI models (MLOps) into the modern SW development equation, the aforementioned areas expand even further. The concept of “Liquid Software” is gradually becoming a reality, where small incremental improvements (binaries-based updates) automatically flow from development to runtime with minimal service downtime.
  • In application security, AI can significantly reduce the time to discover and remediate issues in a predictive manner, preventing malicious SW packages from ever entering an organization in the first place. This begins with automated vulnerability scanning and detection, utilizing AI-based severity and contextual analysis, and extends to automated remediation. Despite the aforementioned advancements, human intervention and approval are still necessary until AI-based solutions demonstrate a higher degree of trust and reliability.
  • In recent years, we began transitioning towards a full automation paradigm, wherein we move from a Copilot (AI assistant) to an Autopilot (AI decision-maker). Machines can be directed to solve highly complex problems through a natural language UI (i.e. English), requiring new types of skills from the programmer to navigate the dialogue towards the intended state. Fundamentally, the AI system should outperform an average human developer or other persona involved in said processes. AI will further augment and automate decision-making processes, enabling organizations to select the best possible (data-driven) approach and tools to resolve any issues. Trust in AI systems will be paramount, necessitating vast contextual understanding and ethical decision-making, similar to the challenges experienced in autonomous driving today. Self-learning and self-healing capabilities will become essential in detecting, analyzing, isolating, and patching issues while maintaining service uptime. Meaning: software will be able to rewrite and update itself, as well as add new functionality to deal with new inputs. Similarly to AVs, the AI system must learn from its operational environment and adapt accordingly.

In conclusion, while the parallels between autonomous driving and SW development may not be immediately apparent, both fields share the common objective of harnessing the power of AI to enhance their operations and to free time for individuals to focus on more gratifying pursuits. In the context of SW development, AI will continue to accelerate and improve the creation of new features and data, elevating the UX of various R&D personas and evolving gradually from a trusted advisor towards an elevated decision-making autonomy. AI-based Copilots will slowly start to become more mainstream throughout the SDLC, starting from Intelligent Coding and Security and extending to cover the full DevOps stack. Businesses must adhere to responsible and secure AI principles and practices to ensure sustainable outcomes. This includes areas such as protecting their IP and avoiding potential security and license compliance issues in AI-generated software. Embracing progressive autonomy of AI systems will allow and ensure compatibility with existing infrastructures and regulatory environments.

As AI technologies continue to advance, we can anticipate even deeper integration and innovation in SW development. We are living in exciting times as AI continues to transform industries. The future of SW development is promising, and the degree of development responsibility we can entrust to machines may only be limited by our imagination.

About the Author

Stephen Chin is VP of Developer Relations at JFrog. Stephen can be reached at our company website: https://jfrog.com/

February 6, 2024
