"What we're seeing as a response to coding agents is one of the biggest risks in security vulnerabilities to date,” said Jaime Jorge, Founder and CEO of Codacy. “It's almost like a game to see how fast we can exploit vulnerabilities in some of these applications that are created so quickly."

In this episode of The Security Strategist Podcast, Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks with Jaime Jorge, the Founder and CEO of Codacy, about secure software development in the age of AI.

The speakers talk about how quickly coding is evolving due to AI tools, the rise of autonomous coding agents, and the major security issues that come from this faster development.

Jorge emphasised the importance of maintaining security practices and highlighted Codacy's role in providing thorough security analysis to ensure that AI-generated code is safe and reliable. The discussion also looks at the future of AI in software development and what IT leaders need to do to manage these changes.

Software Development in an Era of AI

The world of software development is changing dramatically, the Codacy founder conveyed on the podcast. With AI tools like GitHub Copilot and Cursor becoming mainstream, developers are writing code faster than ever. Host Stiennon refers to this new era as "vibe coding," meaning the ability to create code at an incredible speed.

However, this speed can bring serious and risky consequences. Data has shown that AI-generated code often has vulnerabilities. Some studies have found that these vulnerabilities can reach as high as 30-50 per cent. A Front Big Data study reported that 40% of the code suggested by Copilot had vulnerabilities. “Yet research also shows that users trust AI-generated code more than their own.”

This trend is widening the gap between quick development and secure, enterprise-grade software.

How to Keep up With Autonomous Coding Agents?

“Without a doubt, one of the most significant trends that we're seeing is coding agents,” the CEO of Codacy told Stiennon. “Autonomous coding agents are becoming extremely skilled at taking a prompt and creating full-fledged products, getting even to the intentions that users have.”

However, the challenges of autonomous agents cannot be denied. Jorge believes this is more than just a technical issue. It reflects a basic misunderstanding of how to use these powerful new technologies.

He pointed out that it's dangerous to assume we can completely hand over decisions about the code generated by AI. Important software development practices, such as building security into the design and having human code reviews, shouldn't be overlooked.

The convenience of using AI to quickly generate code for a project means we have a greater responsibility to review the code ourselves, to evaluate it, or to ensure that other people approve it.

Jorge’s key message to CISOs, CTOs and IT decision-makers is that AI is here to stay and that their teams are already likely using it. This wave is hard to ride, but “you have a choice in how to ride it.”

"AI-generated code can secure our tools, and our agents are empowered with security capabilities. You can move fast if you have the right guardrails."

The best practices Codacy developed over decades, such as CI/CD, code review, and security by design, are the tools that can help them use AI effectively.

Takeaways

  • AI tools are accelerating software development significantly.
  • Autonomous coding agents are becoming increasingly capable.
  • The speed of development introduces new security vulnerabilities.
  • 30-50% of AI-generated code contains vulnerabilities.
  • Security practices like code reviews are more important than ever.
  • Companies are still defining policies for AI use in coding.
  • Codacy provides end-to-end security analysis for code.
  • AI can enhance security if integrated properly into workflows.
  • IT leaders must adapt to the rapid changes in coding practices.
  • The future of coding will involve more collaboration between AI and human developers.

Chapters

  • 00:00 Introduction to AI in Software Development
  • 02:54 The Rise of Autonomous Coding Agents
  • 05:47 Security Challenges in Rapid Development
  • 09:12 Codacy's Approach to Security
  • 12:08 Future of AI in Software Development
  • 15:09 Key Takeaways for IT Leaders

About Codacy

Codacy is a developer-first, API-driven platform that provides a curated collection of best-in-class code analysis, AppSec scanning, and AI governance tools.

Codacy integrates seamlessly into existing development workflows, empowering development teams to deliver secure, high-quality software faster.

Codacy is the only DevSecOps platform that delivers plug-and-play AppSec and Code Quality for AI-generated and human-written code. Future-proof your software – from source code to runtime – without extra servers or build steps. Deploy within minutes and stay ahead of emerging risks today.