AI in DevSecOps - "From a Copilot to an Autopilot"

Guest author Janne Saarela, Strategy business analyst at JFrog, delves into the benefits of self-driving technology


What do Autonomous Driving and Software Development have in common? At first glance, not much. Take a closer look under the hood and you’ll begin to see some similarities, especially in the evolution paths and underlying targets. To connect the dots, let's begin by delving into the concept of autonomous driving and then relate it to SW development.

The concept of autonomous driving has been around for years, and what once seemed like a futuristic concept has now become today’s reality. At their core, autonomous vehicles (AVs) are aimed at minimizing human errors in traffic, which account for ~90% of accidents today. The fundamental premise of AVs is that they should outperform an average human driver. Importantly, self-driving technology has the potential to free up a precious resource: time. This enables people to devote their focus to more gratifying pursuits, instead of being tied up with driving.

Two critical enablers for autonomous driving are Edge and AI: they empower vehicles to process IoT sensor data within the vehicle itself and, by doing so, enable real-time operations. This capability is crucial for any mission-critical application. Attempting to program the machine to handle every possible driving scenario manually is an impractical endeavor. Instead, the vehicle must dynamically learn from its environment. The intelligence of an AV hinges on the availability of various IoT sensor data, allowing the creation of a digital representation (a twin) of the physical world. The more diverse the data, the more sophisticated the AI systems that can be deployed.

When observing the evolution path of autonomous driving, we can notice a gradual reduction in human involvement at each stage. The AV framework includes 6 levels of automation ranging from 0 (fully manual) to 5 (fully autonomous). 

  0. No automation: the driver retains complete control of all driving tasks.
  1. Driver assistance: the vehicle incorporates a single automated system that allows the driver to take their foot off the pedal.
  2. Partial automation: the vehicle becomes capable of handling steering and acceleration, allowing the driver to take their hands off the wheel.
  3. Conditional automation: the vehicle can control most driving tasks, enabling the driver to take their eyes off the road while still maintaining supervision.
  4. High automation: the vehicle performs all driving tasks under specific conditions, allowing the driver to take their mind off the road while remaining alert.
  5. Full automation: the vehicle can independently handle all driving tasks under any conditions. This transforms the driver into a passenger, completely freeing their mind from all driving responsibilities. 

The benefits of AI in SW Development largely mirror those seen in autonomous driving: minimizing human errors and freeing up time for more creativity-intensive work. Since human resources are often the costliest aspect of SW development, organizations are incentivized to adopt AI-based systems that can enable them to do more with less.

A closer examination of the SW development evolution path reveals striking similarities to the advancements in autonomous driving: a gradual reduction in human involvement at each stage.

In the early 2000s, SW Development had little to no automation. Human control was required at every stage of the SW Development Lifecycle (SDLC), making the process largely manual. Issues were often identified by customers rather than internal teams.

Fast forward to the mid-2010s, when we witnessed the rise of Containerization, Cloud Computing, and DevOps, leading to increased automation and efficiency throughout the SDLC. Routine tasks & procedural decisions were automated based on predefined (hard-coded) policies and "if-then" rules in areas such as testing, code review, and CI/CD. This allowed R&D teams to focus on creative aspects of their work with increased productivity - enabling “guided steering and acceleration”. Development cycles were shortened based on agile principles, bridging Dev and Ops. Issue management & resolution started to shift from reactive to adaptive with more seamless coordination across teams. The majority of issues could be detected and fixed before customers even became aware.

Today, Generative AI is taking SW development to new levels of efficiency and innovation. Automation extends far beyond routine tasks, as GenAI-based solutions enable the creation of new content through a seamless human-to-machine dialogue. Efficiency gains are only just beginning to unfold as AI can act as an inexhaustible assistant (Copilot) throughout the SDLC by providing suggestions, explaining issues, generating code, monitoring processes, scanning repositories, providing predictions, and augmenting decision-making.

This will further accelerate and increase the overall code creation, translating into more SW builds, more SW to be secured, and more frequent updates to the runtime. As we add embedded AI models (MLOps) into the modern SW development equation, the aforementioned areas expand even further. The concept of "liquid software" is gradually becoming a reality, where small incremental improvements (binaries-based updates) automatically flow from development to runtime with minimal service downtime.

In application security, AI can significantly reduce the time to discover and remediate issues in a predictive manner, preventing malicious SW packages from ever entering an organization in the first place. This begins with automated vulnerability scanning and detection, utilizing AI-based severity and contextual analysis, and extending to automated remediation. Despite the aforementioned advancements, human intervention and approval are still necessary until AI-based solutions demonstrate a higher degree of trust & reliability. Development teams’ “eyes are coming off the road, but minds must remain alert.”

In the upcoming years, we begin transitioning towards a full automation paradigm, where we move from a Copilot (AI assistant) to an Autopilot (AI decision-maker). Development teams won’t become “passengers” per se, but the traditional roles & responsibilities of the personas involved in designing, creating, securing, distributing, and operating SW will begin to shift. Machines can be directed to solve highly complex problems through a natural language UI (i.e., English), requiring new types of skills from the programmer to navigate the dialogue towards the intended state.

Fundamentally, the AI system should outperform an average human developer or other person involved in the processes. AI will further augment and automate decision-making processes, enabling organizations to select the best possible (data-driven) approach and tools to resolve any issues. Trust in AI systems will be paramount, necessitating vast contextual understanding and ethical decision-making, similar to the challenges experienced in autonomous driving today. Self-learning and self-healing capabilities will become essential in detecting, analyzing, isolating, and patching issues while maintaining service uptime. This means that the software will be able to rewrite an update itself, as well as add new functionality to deal with new inputs. Similarly to AVs, the AI system must learn from its operational environment and adapt accordingly.

In conclusion, while the parallels between autonomous driving and SW development may not be immediately apparent, both fields share the common objective of harnessing the power of AI to enhance their operations and to free time for individuals to focus on more gratifying pursuits. In the context of SW development, AI will continue to accelerate & improve the creation of new features & data, elevating the UX of various R&D personas and evolving gradually from a trusted advisor towards an elevated decision-making autonomy.

AI-based Copilots will slowly start to become more mainstream throughout SDLC, starting from Intelligent Coding and Security and extending to cover the full DevOps stack. Businesses must adhere to responsible and secure AI principles and practices to ensure sustainable outcomes. This includes areas such as protecting their IP and avoiding potential security & license compliance issues in AI-generated Software. Embracing the progressive autonomy of AI systems will allow & ensure compatibility with existing infrastructures and regulatory environments. 

As AI technologies continue to advance, we can anticipate even deeper integration and innovation in SW development. We are living in exciting times as AI continues to transform industries. The future of SW development is promising, and the degree of development responsibility we can entrust to machines may only be limited by our imagination.

Written by Janne Saarela, Strategy business analyst at JFrog
