How will AI enhance the application security ecosystem? Dipto Chakravarty, Chief Product and Technology Officer at Black Duck weighs in with a few observations in this CIO Influence Interview:
_________
Hi Dipto – take us through the highlights of your SaaS journey so far?
The Software as a Service (SaaS) model, pioneered by companies like Salesforce, initially revolutionized the industry by providing a consumer-like experience on enterprise infrastructure, simplifying user interaction to application-level administration with easy updates. However, over time, SaaS has become bloated and is now experiencing a moderate decline as it is getting commoditized. The lines between SaaS and Platform as a Service (PaaS) capabilities have blurred in response to customer demands.
Looking ahead, the integration of Artificial Intelligence (AI) is poised to further commoditize SaaS, potentially rendering it obsolete if it fails to adapt (like Darwinism in software). As AI becomes integral to mainstream software technologies, platforms like Salesforce are adopting it as a primary enhancement, signaling a shift towards AI-driven solutions as the next significant technological advancement. If we extend this model further, we will see that LLMs are being applied to algorithms for creating AI agents capable of improving their own code, thus leading to creativity and autonomy.
In an AI powered world, how is the overall application security space evolving?
Application security is undergoing a significant transformation, shifting both earlier and later in the software development lifecycle to address emerging threats. The rise of cloud-native experiences has accelerated this trend, and I anticipate that cloud-native application security will soon be recognized as a distinct market segment.
As AI becomes increasingly integral to software development, it introduces new vulnerabilities, making robust application security more critical than ever. To capitalize on AI’s potential while mitigating risks, organizations must prioritize secure development practices.
With the majority of companies adopting AI for automation, we have a unique opportunity to define and protect the ever-expanding attack surface, driving innovation in in this rapidly evolving landscape for adaptive threat detection via improved contextual insight and intelligent automation.
Also Read: CIO Interview with Ramprakash Ramamoorthy, Director of AI Research, ManageEngine
What are some of the latest industry trends around AI, Big Data and Security you’d like to highlight in this Q&A?
As we navigate the rapidly evolving technological landscape, container security has become a top priority. Organizations are containerizing all applications, whether they’re planning to deploy on the cloud or on-prem; the deployment factor is agnostic. They’re containerizing the workloads so it can be containerized once and deployed many times as a result. Organizations are increasingly containerizing applications to enhance security and compliance, driven by emerging regulations and the need for accountability. As we’re entering an era of accountability and Responsible AI with these emerging regulations, accountability and compliance are becoming core requirements of doing business.
The exponential growth of the Internet of Things (IoT) has further complicated the security landscape, underscoring the need for AI-driven automation to keep pace with vulnerabilities. There are 7 billion humans on the planet; meanwhile, there are over 20 billion IoT devices in use currently. That creates 30-40 billion end points. Unless AI and automation are applied at scale, we’ll never be able to build software fast enough to keep up with the vulnerabilities. Currently, time to market and cost are major consumer considerations. We need to work as an industry to ensure that security plays into these consumer considerations as well.
The convergence of AI, Big Data, and security is creating new opportunities for innovation, but also demands a refreshed approach to security. As we bring compute to data, rather than the other way around, we must rethink our security strategies to address the blurring lines between SaaS, Big Data, and containerization, ultimately delivering development velocity with trust. This is top of mind for CSOs and CIOs dealing with the cost impacting operating expenses.
Also Read: Emerging IT Trends And Technologies Every CIO Should Stay Ahead Of
How will teams belonging to these spheres evolve as AI becomes more mainstream to these roles?
AI is transforming various job categories, automating tasks such as diagnosis and expense report processing. However, when it comes to complex decision-making that requires experience and nuance, human expertise remains essential. While AI can index vast amounts of public data, its true value lies in protecting proprietary enterprise data, which is not publicly accessible. This underscores the need for a balanced approach that leverages AI’s strengths while relying on human judgment for critical tasks.
What do most organizations get wrong when it comes to AI deployment today?
As we harness the power of AI to accelerate development velocity, it’s crucial that we strike a balance between speed and precision. The stakes are high, and inaccurate or insecure code can have devastating consequences. To mitigate these risks, we’re seeing the emergence of three key AI segments: responsible AI, private AI, and agentic AI. By prioritizing responsible AI-assisted coding practices and implementing robust guardrails within our tech stack, we can ensure that the benefits of AI are realized while minimizing potential downsides.
What immediate plans do you have for Black Duck in terms of modernizing and enhancing the platform as a new CPO?
Our next innovation phase for the Black Duck Polaris™ Platform is centered on achieving elasticity, enabling seamless adaptability across on-prem, off-prem, and hybrid cloud environments to meet on-demand needs. By doing so, we will empower organizations to effortlessly scale according to their unique requirements. This strategic move will strike a balance between simplicity, elastic demand, and a comprehensive feature set, ultimately driving enhanced scalability and flexibility for the enterprises we serve.
A few thoughts on the future of AI and application security before we wrap up?
As we navigate the rapidly evolving AI landscape, we’re on the cusp of a significant shift towards artificial general intelligence (AGI). We’re moving from AI as a capability into general intelligence, and then to super intelligence – that’s the future. This transformation will redefine the application security paradigm, driving the emergence of pervasive security that leverages ambient intelligence to analyze patterns, detect threats, and respond in real-time. By harnessing AI’s scalability, we can create an adaptive security posture that meets the demands of our increasingly complex world in a future-proof way.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
Dipto Chakravarty is the chief product and technology officer at Black Duck, where he leads the company’s product and technology initiatives including product strategy, product management, product development, and R&D. Before joining Black Duck, he served as CPO at Cloudera and head of data engineering for Amazon’s artificial general intelligence business. Dipto has held executive positions at AWS, CA, IBM, and Novell; he led three PE-backed businesses with exits; and he founded Artesia from a buyout of Thomson-Reuters. He has had 12 patents issued to date, has authored two books, and has served on the board of software companies. Dipto holds BS and MS degrees in computer science from the University of Maryland, and a GMP certification from Harvard Business School.
Black Duck® meets the board-level risks of modern software with True Scale Application Security, ensuring uncompromised trust in software for the regulated, AI-powered world.
