[{"data":1,"prerenderedAt":512},["ShallowReactive",2],{"/en-us/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security":3,"footer-en-us":50,"the-source-banner-en-us":384,"the-source-navigation-en-us":390,"article-site-categories-en-us":413,"the-source-newsletter-en-us":415,"4-ways-ai-can-help-devops-teams-improve-security-article-hero-category-en-us":422,"4-ways-ai-can-help-devops-teams-improve-security-the-source-source-cta-en-us":447,"4-ways-ai-can-help-devops-teams-improve-security-article-hero-author-en-us":457,"4-ways-ai-can-help-devops-teams-improve-security-category-en-us":476,"4-ways-ai-can-help-devops-teams-improve-security-the-source-resources-en-us":489},{"id":4,"title":5,"body":6,"category":7,"config":8,"content":14,"description":6,"extension":41,"meta":42,"navigation":43,"path":44,"seo":45,"slug":46,"stem":47,"type":48,"__hash__":49},"theSource/en-us/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security.yml","4 Ways Ai Can Help Devops Teams Improve Security",null,"ai",{"layout":9,"template":10,"author":11,"featured":12,"sourceCTA":13},"the-source","TheSourceArticle","kristina-weis",false,"source-lp-how-to-get-started-using-ai-in-software-development",{"title":15,"date":16,"description":17,"timeToRead":18,"heroImage":19,"keyTakeaways":20,"articleBody":24,"faq":25},"How AI can help DevOps teams improve security","2023-12-05","Find out how DevOps teams are using artificial intelligence and machine learning to improve security, minimize risk, and ship more secure code.","4 min read","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463801/t2lucrovy8dadeimvk48.png",[21,22,23],"AI and ML in software development is more than code generation — it can enhance security by mitigating vulnerabilities faster, making code reviews more efficient, and suggesting relevant tests to ensure proper coverage.","Nearly a third of DevSecOps teams already use AI for automated test generation. However, 55% feel that introducing AI into the software development lifecycle is risky.","Organizations should prioritize AI tools that do not train machine learning models with proprietary data or source code and are designed with a privacy-first approach.","Artificial intelligence (AI) and machine learning (ML) in software development aren't just about helping DevOps teams reduce repetitive tasks and ship code more efficiently. AI and ML can help organizations ship better, more secure code and minimize security risk to their organization and customers.\n\nHere are a few ways AI can help bolster your organization’s security:\n\n## Mitigate security vulnerabilities faster\nWhen a security vulnerability is detected, the first step in fixing it is understanding it - and this is a place where AI stands out. Traditional methods require teams to review code for vulnerabilities manually, which can be time-consuming and prone to human error. However, with AI, developers and security teams can generate summaries of potential vulnerabilities and how attackers might exploit them. More advanced AI-powered tools can even provide a suggested mitigation with sample code for each vulnerability - giving teams actionable insights on how to reduce security risks.\n\n## Make code reviews more efficient and effective\nWhen a developer's code is ready for review, there are a few ways AI can help speed things up and help catch potential issues.\n\nAI can help the author choose the best reviewer - one who's familiar with the code base and more likely to catch important issues, and less likely to ignore the code review request, say that someone else should review it, or provide insufficient feedback. While choosing the most appropriate code reviewers can be a complex task for a human, a machine learning algorithm can analyze the changes and the project’s contribution graph to help identify reviewers.\n\nAI also can generate a summary of the merge request to help reviewers quickly understand what they're being asked to review and to ease the code review handoff process.\n\n## Generate tests to ensure proper test coverage\nThoroughly testing code changes is one of the most important ways to ensure code works as expected and doesn’t introduce security issues - but writing tests can be time-consuming and difficult, so code is often pushed to production environments without appropriate test coverage.\n\nAI can look at code changes and suggest relevant tests along with test files, so developers can spend less time thinking about and writing tests and [more time coding](https://about.gitlab.com/the-source/ai/how-ai-helps-devsecops-teams-improve-productivity/).\n\nIn fact, many DevOps teams are already using AI to generate tests. In our [2024 survey of more than 5,000 DevSecOps professionals worldwide](https://about.gitlab.com/developer-survey/2024/ai/), nearly a third (32%) of respondents whose organizations were using AI said they were using it for automated test generation.\n\n## Protect your proprietary data when using AI\nFor many organizations, it’s important that the efficiency gains of using AI and ML don’t come at the cost of privacy, security, or compliance. More than half of survey respondents (55%) said they feel that introducing AI into the software development process is risky. Concerns around privacy and data security were the top AI-related obstacle identified by respondents.\n\nBefore integrating AI into your software development processes, make sure to understand how your proprietary data will or won’t be used to train its machine learning models. Allowing DevOps teams to use the wrong AI tool can lead to painful and costly [leaks of top-secret data and source code](https://www.techradar.com/news/samsung-workers-leaked-company-secrets-by-using-chatgpt).\n\n> Find out what your DevSecOps team can do to begin to understand - and measure - the [impact of generative AI](https://about.gitlab.com/the-source/ai/how-to-put-generative-ai-to-work-in-your-devsecops-environment/).\n\n### Improve security with AI-powered DevSecOps workflows\n\nAI solutions like [GitLab Duo](https://about.gitlab.com/gitlab-duo/) can help DevOps teams use AI to improve security throughout their software development lifecycle with [capabilities](https://docs.gitlab.com/ee/user/ai_features.html) such as vulnerability summaries, suggested tests, and merge request summaries.\n\nGitLab Duo does not train ML models with customers’ proprietary data or source code and is designed with a privacy-first approach to help enterprises and regulated organizations adopt AI-powered workflows.",[26,29,32,35,38],{"header":27,"content":28},"How can AI-powered DevSecOps workflows improve software security?","AI-powered DevSecOps workflows integrate security at every stage of development by providing vulnerability detection, risk analysis, automated testing, and secure code recommendations. By leveraging AI-driven security insights, teams can ship more secure software faster while reducing manual workload and human error.",{"header":30,"content":31},"Can AI assist with test generation to improve security?","Yes, AI can automatically generate tests to ensure proper code coverage and reduce the likelihood of security vulnerabilities going undetected. By analyzing code changes, AI tools suggest relevant unit tests, integration tests, and security tests, helping DevOps teams validate software without the burden of manually writing every test case.",{"header":33,"content":34},"How can AI help DevOps teams detect and mitigate security vulnerabilities?","AI can speed up vulnerability detection and mitigation by generating summaries of security risks and suggesting actionable fixes. Instead of manually reviewing code for vulnerabilities, DevOps teams can use AI-powered security tools to analyze code, identify weaknesses, and provide remediation suggestions, reducing the time it takes to address security threats.",{"header":36,"content":37},"What security risks are associated with using AI in software development?","The biggest risks of using AI in DevOps include privacy concerns, compliance issues, and potential data leaks. Organizations should carefully evaluate AI tools to ensure they do not train machine learning models using proprietary source code. AI solutions like GitLab Duo prioritize a privacy-first approach, ensuring that sensitive data remains protected.",{"header":39,"content":40},"How does AI enhance the efficiency of code reviews?","AI improves code review efficiency by suggesting the most relevant reviewers based on contribution history and expertise. It can also generate merge request summaries, helping reviewers quickly understand the changes and focus on key security risks. This reduces bottlenecks in the review process and ensures higher-quality security assessments.","yml",{},true,"/en-us/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security",{"title":15,"description":17,"ogImage":19},"4-ways-ai-can-help-devops-teams-improve-security","en-us/the-source/ai/4-ways-ai-can-help-devops-teams-improve-security","article","EbvnO7hJMxOQeJUzkJkQsHdnqxIk6gcBQbWaQw-3JRg",{"data":51},{"text":52,"source":53,"edit":59,"contribute":64,"config":69,"items":74,"minimal":373},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":54,"config":55},"View page source",{"href":56,"dataGaName":57,"dataGaLocation":58},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":60,"config":61},"Edit this page",{"href":62,"dataGaName":63,"dataGaLocation":58},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":65,"config":66},"Please contribute",{"href":67,"dataGaName":68,"dataGaLocation":58},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":70,"facebook":71,"youtube":72,"linkedin":73},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[75,132,189,248,311],{"title":76,"links":77,"subMenu":93},"Pricing",[78,83,88],{"text":79,"config":80},"View plans",{"href":81,"dataGaName":82,"dataGaLocation":58},"/pricing/","view plans",{"text":84,"config":85},"Why Premium?",{"href":86,"dataGaName":87,"dataGaLocation":58},"/pricing/premium/","why premium",{"text":89,"config":90},"Why Ultimate?",{"href":91,"dataGaName":92,"dataGaLocation":58},"/pricing/ultimate/","why ultimate",[94],{"title":95,"links":96},"Contact Us",[97,102,107,112,117,122,127],{"text":98,"config":99},"Contact sales",{"href":100,"dataGaName":101,"dataGaLocation":58},"/sales/","sales",{"text":103,"config":104},"Support portal",{"href":105,"dataGaName":106,"dataGaLocation":58},"https://support.gitlab.com","support portal",{"text":108,"config":109},"Customer portal",{"href":110,"dataGaName":111,"dataGaLocation":58},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":113,"config":114},"Status",{"href":115,"dataGaName":116,"dataGaLocation":58},"https://status.gitlab.com/","status",{"text":118,"config":119},"Terms of use",{"href":120,"dataGaName":121,"dataGaLocation":58},"/terms/","terms of use",{"text":123,"config":124},"Privacy statement",{"href":125,"dataGaName":126,"dataGaLocation":58},"/privacy/","privacy statement",{"text":128,"config":129},"Cookie preferences",{"dataGaName":130,"dataGaLocation":58,"id":131,"isOneTrustButton":43},"cookie preferences","ot-sdk-btn",{"title":133,"links":134,"subMenu":145},"Product",[135,140],{"text":136,"config":137},"DevSecOps platform",{"href":138,"dataGaName":139,"dataGaLocation":58},"/platform/","devsecops platform",{"text":141,"config":142},"AI-Assisted Development",{"href":143,"dataGaName":144,"dataGaLocation":58},"/gitlab-duo/","ai-assisted development",[146],{"title":147,"links":148},"Topics",[149,154,159,164,169,174,179,184],{"text":150,"config":151},"CICD",{"href":152,"dataGaName":153,"dataGaLocation":58},"/topics/ci-cd/","cicd",{"text":155,"config":156},"GitOps",{"href":157,"dataGaName":158,"dataGaLocation":58},"/topics/gitops/","gitops",{"text":160,"config":161},"DevOps",{"href":162,"dataGaName":163,"dataGaLocation":58},"/topics/devops/","devops",{"text":165,"config":166},"Version Control",{"href":167,"dataGaName":168,"dataGaLocation":58},"/topics/version-control/","version control",{"text":170,"config":171},"DevSecOps",{"href":172,"dataGaName":173,"dataGaLocation":58},"/topics/devsecops/","devsecops",{"text":175,"config":176},"Cloud Native",{"href":177,"dataGaName":178,"dataGaLocation":58},"/topics/cloud-native/","cloud native",{"text":180,"config":181},"AI for Coding",{"href":182,"dataGaName":183,"dataGaLocation":58},"/topics/devops/ai-for-coding/","ai for coding",{"text":185,"config":186},"Agentic AI",{"href":187,"dataGaName":188,"dataGaLocation":58},"/topics/agentic-ai/","agentic ai",{"title":190,"links":191},"Solutions",[192,196,201,206,211,215,220,223,228,233,238,243],{"text":193,"config":194},"Application Security Testing",{"href":195,"dataGaName":193,"dataGaLocation":58},"/solutions/application-security-testing/",{"text":197,"config":198},"Automated software delivery",{"href":199,"dataGaName":200,"dataGaLocation":58},"/solutions/delivery-automation/","automated software delivery",{"text":202,"config":203},"Agile development",{"href":204,"dataGaName":205,"dataGaLocation":58},"/solutions/agile-delivery/","agile delivery",{"text":207,"config":208},"SCM",{"href":209,"dataGaName":210,"dataGaLocation":58},"/solutions/source-code-management/","source code management",{"text":150,"config":212},{"href":213,"dataGaName":214,"dataGaLocation":58},"/solutions/continuous-integration/","continuous integration & delivery",{"text":216,"config":217},"Value stream management",{"href":218,"dataGaName":219,"dataGaLocation":58},"/solutions/value-stream-management/","value stream management",{"text":155,"config":221},{"href":222,"dataGaName":158,"dataGaLocation":58},"/solutions/gitops/",{"text":224,"config":225},"Enterprise",{"href":226,"dataGaName":227,"dataGaLocation":58},"/enterprise/","enterprise",{"text":229,"config":230},"Small business",{"href":231,"dataGaName":232,"dataGaLocation":58},"/small-business/","small business",{"text":234,"config":235},"Public sector",{"href":236,"dataGaName":237,"dataGaLocation":58},"/solutions/public-sector/","public sector",{"text":239,"config":240},"Education",{"href":241,"dataGaName":242,"dataGaLocation":58},"/solutions/education/","education",{"text":244,"config":245},"Financial services",{"href":246,"dataGaName":247,"dataGaLocation":58},"/solutions/finance/","financial services",{"title":249,"links":250},"Resources",[251,256,261,266,271,276,281,286,291,296,301,306],{"text":252,"config":253},"Install",{"href":254,"dataGaName":255,"dataGaLocation":58},"/install/","install",{"text":257,"config":258},"Quick start guides",{"href":259,"dataGaName":260,"dataGaLocation":58},"/get-started/","quick setup checklists",{"text":262,"config":263},"Learn",{"href":264,"dataGaName":265,"dataGaLocation":58},"https://university.gitlab.com/","learn",{"text":267,"config":268},"Product documentation",{"href":269,"dataGaName":270,"dataGaLocation":58},"https://docs.gitlab.com/","docs",{"text":272,"config":273},"Blog",{"href":274,"dataGaName":275,"dataGaLocation":58},"/blog/","blog",{"text":277,"config":278},"Customer success stories",{"href":279,"dataGaName":280,"dataGaLocation":58},"/customers/","customer success stories",{"text":282,"config":283},"Remote",{"href":284,"dataGaName":285,"dataGaLocation":58},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":287,"config":288},"GitLab Services",{"href":289,"dataGaName":290,"dataGaLocation":58},"/services/","services",{"text":292,"config":293},"Community",{"href":294,"dataGaName":295,"dataGaLocation":58},"/community/","community",{"text":297,"config":298},"Forum",{"href":299,"dataGaName":300,"dataGaLocation":58},"https://forum.gitlab.com/","forum",{"text":302,"config":303},"Events",{"href":304,"dataGaName":305,"dataGaLocation":58},"/events/","events",{"text":307,"config":308},"Partners",{"href":309,"dataGaName":310,"dataGaLocation":58},"/partners/","partners",{"title":312,"links":313},"Company",[314,319,324,329,334,339,344,348,353,358,363,368],{"text":315,"config":316},"About",{"href":317,"dataGaName":318,"dataGaLocation":58},"/company/","company",{"text":320,"config":321},"Jobs",{"href":322,"dataGaName":323,"dataGaLocation":58},"/jobs/","jobs",{"text":325,"config":326},"Leadership",{"href":327,"dataGaName":328,"dataGaLocation":58},"/company/team/e-group/","leadership",{"text":330,"config":331},"Team",{"href":332,"dataGaName":333,"dataGaLocation":58},"/company/team/","team",{"text":335,"config":336},"Handbook",{"href":337,"dataGaName":338,"dataGaLocation":58},"https://handbook.gitlab.com/","handbook",{"text":340,"config":341},"Investor relations",{"href":342,"dataGaName":343,"dataGaLocation":58},"https://ir.gitlab.com/","investor relations",{"text":345,"config":346},"Sustainability",{"href":347,"dataGaName":345,"dataGaLocation":58},"/sustainability/",{"text":349,"config":350},"Diversity, inclusion and belonging (DIB)",{"href":351,"dataGaName":352,"dataGaLocation":58},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":354,"config":355},"Trust Center",{"href":356,"dataGaName":357,"dataGaLocation":58},"/security/","trust center",{"text":359,"config":360},"Newsletter",{"href":361,"dataGaName":362,"dataGaLocation":58},"/company/contact/#contact-forms","newsletter",{"text":364,"config":365},"Press",{"href":366,"dataGaName":367,"dataGaLocation":58},"/press/","press",{"text":369,"config":370},"Modern Slavery Transparency Statement",{"href":371,"dataGaName":372,"dataGaLocation":58},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":374},[375,378,381],{"text":376,"config":377},"Terms",{"href":120,"dataGaName":121,"dataGaLocation":58},{"text":379,"config":380},"Cookies",{"dataGaName":130,"dataGaLocation":58,"id":131,"isOneTrustButton":43},{"text":382,"config":383},"Privacy",{"href":125,"dataGaName":126,"dataGaLocation":58},{"visibility":43,"title":385,"button":386},"The Intelligent Software Development Era: How AI is reshaping DevSecOps teams",{"config":387,"text":389},{"href":388},"/developer-survey/","Get the research report",{"logo":391,"subscribeLink":396,"navItems":400},{"altText":392,"config":393},"the source logo",{"src":394,"href":395},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":397,"config":398},"Subscribe",{"href":399},"#subscribe",[401,405,409],{"text":402,"config":403},"Artificial Intelligence",{"href":404},"/the-source/ai/",{"text":406,"config":407},"Security & Compliance",{"href":408},"/the-source/security/",{"text":410,"config":411},"Platform & Infrastructure",{"href":412},"/the-source/platform/",{"categoryNames":414},{"ai":402,"platform":410,"security":406},{"title":416,"description":417,"submitMessage":418,"formData":419},"The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":420},{"formId":421,"formName":362,"hideRequiredLabel":43},1077,{"id":423,"title":424,"body":6,"category":6,"config":425,"content":426,"description":6,"extension":41,"meta":441,"navigation":43,"path":442,"seo":443,"slug":7,"stem":444,"testContent":6,"type":445,"__hash__":446},"pages/en-us/the-source/ai/index.yml","",{"layout":9},[427,434],{"componentName":428,"type":428,"componentContent":429},"TheSourceCategoryHero",{"title":402,"description":430,"image":431},"Explore expert insights on how AI is transforming software development, and how organizations can get the most out of their AI investments.",{"config":432},{"src":433},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463300/eoudcbj5aoucl0spsp0c.png",{"componentName":435,"type":435,"componentContent":436},"TheSourceCategoryMainSection",{"config":437},{"sourceCTAs":438},[13,439,440],"navigating-ai-maturity-in-devsecops","source-lp-ai-guide-for-enterprise-leaders-building-the-right-approach",{},"/en-us/the-source/ai",{"title":402,"description":430,"ogImage":433},"en-us/the-source/ai/index","category","wtQi5a4Yy8rZpv9pRFgz-LgiIdSY188tyR5WwsQyl-w",{"config":448,"title":449,"description":450,"link":451},{"slug":13},"How to get started using AI in software development","Learn how to strategically implement AI to boost efficiency, security, and reduce context switching. Empower every member of your team with AI capabilities.",{"text":452,"config":453},"Download the guide",{"href":454,"dataGaName":455,"dataGaLocation":456},"/the-source/ai/getting-started-with-ai-in-software-development-a-guide-for-leaders/","How to Get Started Using AI in Software Development","thesource",{"id":458,"title":459,"body":6,"category":6,"config":460,"content":461,"description":6,"extension":41,"meta":470,"navigation":43,"path":471,"seo":472,"slug":11,"stem":473,"testContent":6,"type":474,"__hash__":475},"theSourceAuthors/en-us/the-source/authors/kristina-weis.yml","Kristina Weis",{"layout":9},[462,468],{"componentName":463,"type":463,"componentContent":464},"TheSourceAuthorHero",{"name":459,"headshot":465},{"altText":459,"config":466},{"src":467},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463469/eoolq6n6bs0zb8gmf0js.webp",{"componentName":469,"type":469},"TheSourceArticlesList",{},"/en-us/the-source/authors/kristina-weis",{"title":459},"en-us/the-source/authors/kristina-weis","author","7aS35hmTnnJfzZc38bQ2jzREk3BAP_mvNGYsLCE9Hfw",{"id":423,"title":424,"body":6,"category":6,"config":477,"content":478,"description":6,"extension":41,"meta":487,"navigation":43,"path":442,"seo":488,"slug":7,"stem":444,"testContent":6,"type":445,"__hash__":446},{"layout":9},[479,483],{"componentName":428,"type":428,"componentContent":480},{"title":402,"description":430,"image":481},{"config":482},{"src":433},{"componentName":435,"type":435,"componentContent":484},{"config":485},{"sourceCTAs":486},[13,439,440],{},{"title":402,"description":430,"ogImage":433},[490,499,508],{"config":491,"title":492,"description":493,"link":494},{"slug":439},"Navigating AI maturity in DevSecOps","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are incorporating AI into the software development lifecycle.",{"text":495,"config":496},"Read the report",{"href":497,"dataGaName":498,"dataGaLocation":456},"/developer-survey/2024/ai/","Navigating AI Maturity in DevSecOps",{"config":500,"title":501,"description":502,"link":503},{"slug":440},"AI guide for enterprise leaders: Building the right approach","Download our guide for enterprise leaders to learn how to prepare your C-suite, executive leadership, and development teams for what AI can do today — and will do in the near future — to accelerate software development.",{"text":504,"config":505},"Read the guide",{"href":506,"dataGaName":507,"dataGaLocation":456},"/the-source/ai/ai-guide-for-enterprise-leaders-building-the-right-approach/","AI Guide For Enterprise Leaders: Building the Right Approach",{"config":509,"title":449,"description":450,"link":510},{"slug":13},{"text":452,"config":511},{"href":454,"dataGaName":455,"dataGaLocation":456},1772652112784]