Best practices for using AI in the SDLC

Written by:
Frank Fischer

July 19, 2023

0 mins read

AI has become a hot topic thanks to the recent headlines around the large language model (LLM) AI with a simple interface — ChatGPT. Since then, the AI field has been vibrant, with several major actors racing to provide ever-bigger, better, and more versatile models. Players like Microsoft, NVidia, Google, Meta, and open source projects have all published a list of new models. 

In fact, a leaked Google document makes it seem that these models will be ubiquitous and available to everyone soon.


Source: Dr Alan D. Thompson, (May/2023),

In this post, we'll look at how AI can be used to improve the software development lifecycle (SDLC) and the pitfalls that can come from blindly applying AI to your existing processes.

AI and software development: The good and the bad

Applying AI to your products can make them stand out in the crowd (even if only as bells and whistles), but applying AI within the SDLC (development, monitoring, management, etc.) can be a major game changer when you're trying to outmaneuver your competition. Here are some of the ways:

  1. Efficiency: AI-backed tools can quickly process massive amounts of code or log files.

  2. Improved code security and quality: With the right tools, AI can find issues and provide possible code fixes instantly.

  3. Increased innovation in code: Code suggestions can bring in new ideas and different ways to solve an issue.

  4. Boosted process speed: AI can speed up the process by preparing the information necessary to make a decision and provide elements (like code snippets) so teams can simply execute. 

  5. Lowered cognitive load: AI can help humans understand an unfamiliar situation more quickly, making the work less exhaustive.

But, a new productivity tool comes with new risks and challenges:

  1. Data leaks: Sensitive information can accidentally be leaked if it's fed into a tool that uses queries to further train models

  2. Skill atrophy: Your workforce can start to lose abilities if they rely to heavily on AI to provide correct answers or insights.

  3. Hallucinations: AI models (such as LLM) suffer from what is called “hallucinations”, which means the models produces extremely convincing argumentation that are simply not true.

  4. Bad suggestions: If an AI is trained on bad code, it will suggest bad fixes based on its training set.

  5. Fakers: AI enables persons with low to no experience and knowledge in programming to produce code. It is expected that the amount of source code will significantly increase within the coming years. As a CISO, engineering leader, or hiring manager, you need to be prepared for this.

  6. License infringement: There is currently a huge discussion about the licensing of the training data. A worst-case scenario would be that code produced by models that use copyleft licenses would also be copyleft — meaning your application would suddenly become open source.

  7. Bad Actors: While this one is not specific to the SDLC, there is no avoiding that AI will be used by attackers. There are more sophisticated scenarios like data poisoning (“training” an intrusion detection system on a certain pattern that when it is used later it won’t be recognized as malicious), but those are not common yet. Realistically, we can expect that the level of expertise required to design and execute a qualitatively better attack has been lowered significantly. So we will likely see more frequent and sophisticated attacks.

Adopting new tools is exciting — and, at times, overwhelming. To simplify the process of integrating AI into your SDLC, we created a cheat sheet with eight best practices to keep you on track.


Download the cheat sheet today for more information, and start your free trial or book a demo with one of Snyk's security experts to learn how Deepcode AI can turbocharge your SDLC.

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo