The promise and dangers of AI-powered development
By James Yau
Andrew Haschka, Field CTO, Asia Pacific & Japan, GitLab, showcased how the integration of DevSecOps and FinOps can create a more responsive and secure public sector at GovInsider’s Festival of Innovation.

As governments integrate AI in public sector software to quicken its development cycles, authorities must be aware of its exposure to vulnerabilities at an unprecedented rate. Image: GovInsider
Adopting artificial intelligence (AI) in software development processes offers the tantalising prospect of dramatically reduced delivery timelines.
Moreover, AI tools promise to automate mundane tasks, allowing developers to focus on higher-value creative work. By streamlining the generation, testing, and troubleshooting of code, AI could significantly boost developer productivity and job satisfaction.
However, the very speed that AI enables also introduces new risks.
“As we increase the number of features and innovative services that we deliver to market, sometimes the challenge is keeping up with the vulnerabilities that are also released to production,” said GitLab’s Asia Pacific & Japan Field CTO, Andrew Haschka.
Speaking at GovInsider’s Festival of Innovation (FOI) event in March, Haschka explored how AI and machine learning are transforming citizen-centric public services through secure and cost-effective software development.
Here are the highlights from Haschka’s presentation, titled AI-Powered DevSecOps: Secure, Seamless, and Sustainable Public Services.
Double-edged sword of AI in software development
As development cycles accelerate, there is a danger that security considerations may be overlooked.
The increased use of AI-generated or internet-sourced code that has not been properly validated could introduce vulnerabilities at an unprecedented rate.
Haschka noted that some agencies are aiming to slash development cycles from 24 months to a mere three to six months. This acceleration could enable governments to respond more nimbly to citizens' evolving needs and expectations.
As he highlighted, malicious actors are also leveraging AI to identify vulnerabilities in code. This creates an arms race scenario, where governments must not only innovate rapidly but also stay ahead of increasingly sophisticated cyber threats.
Compliance and governance challenges
A key challenge facing public sector organisations is the sprawl of teams, processes, and tools involved in software delivery. This fragmentation often results in inefficiencies, delays, and security vulnerabilities. Haschka emphasised the importance of "having a more traceable holistic supply chain" to address these issues.
By leveraging AI through the 'GitLab Duo' platform, GitLab aims to provide end-to-end visibility and context across the entire software delivery lifecycle.
This holistic view enables organisations to identify bottlenecks, enhance security, and ensure compliance more effectively.
For government agencies in ASEAN, compliance with regulatory frameworks is paramount. Haschka highlighted the risks of non-compliance, including potential fines and vulnerabilities.
He advocated for a shift from manual, post-deployment reporting to automated and proactive compliance checks.
Implications for public sector IT strategy
One implication is that the integration of AI necessitates a fundamental rethinking of software supply chains.
Government IT leaders must consider how to create more traceable, holistic approaches that provide end-to-end visibility and control.
The other is upskilling the workforce. The shift towards AI-powered software development will require significant investment in upskilling public sector IT professionals.
Governments must prepare their workforce not just to use AI tools, but to understand their implications and limitations.
A call for thoughtful integration
The path forward demands a strategic and measured approach. The integration of AI in public sector software development is not merely a technological shift, but a transformation that touches on governance, security, and the very nature of public service delivery.
Only through such thoughtful integration can governments harness the true potential of AI to deliver innovative, secure, and citizen-centric services.
Haschka concluded by recommending several key strategies for technology leaders in the public sector to consider:
1. Adopt a more declarative approach to oversight and governance
2. Promote the creation of secure and efficient code
3. Establish and refine a secure software supply chain
4. Optimise collaboration between team members
5. Improve and regularly measure speed and stability
6. Automate and augment the entire experience with AI
You can find Haschka's FOI presentation recording on-demand here.