As organizations continue to modernize their application development strategies, the intersection of AppDev and DevSecOps has never been more critical. In the latest episode of AppDevANGLE, Paul Nashawaty, Practice Lead for AppDev at theCUBE Research, sat down with Jack Poller, Founder and Principal Analyst at Paradigm Technica, to discuss the evolving landscape of software development, security challenges, and the impact of AI on DevSecOps.
The Role of AI in AppDev and Security
The rise of AI in application development has significantly shifted how organizations approach coding, testing, and security. AI-powered tools are being used to automate repetitive tasks such as debugging and vulnerability scanning, but AI is far from replacing human developers entirely.
Organizations are looking to AI to replace developers, with 50% considering AI-driven systems. But my prediction is that they will fail. There will always be a need for human oversight. AI is a powerful tool but lacks the creative problem-solving that human developers bring.
Poller echoed this sentiment, emphasizing the risks of overreliance on AI. “While AI can enhance security measures, there are inherent risks,” he noted. “One concern is data security—once code is fed into an AI, it becomes part of its knowledge base, which could lead to unintended exposure of proprietary data. Additionally, AI-generated code can introduce vulnerabilities that developers may not catch immediately.”
The Consolidation of DevOps Tooling
One of the biggest trends in the AppDev space is the consolidation of DevOps tooling into unified platforms. Organizations seek ways to reduce complexity by adopting end-to-end DevOps solutions that integrate security directly into the CI/CD pipeline.
The complexity of managing multiple DevOps tools is driving a shift towards unified platforms. By the end of 2025, we expect 50% of enterprises to have adopted these consolidated solutions.
However, the transition to unified platforms comes with its own challenges. “Many organizations struggle with bridging the gap between security and development teams,” Poller added. “Security tools are often developed by security professionals who may not fully understand the application development process. This results in security tools that slow down workflows instead of seamlessly integrating into them.”
Developer Productivity and the Role of Low-Code/No-Code
A significant challenge facing organizations today is the declining time developers spend on actual coding. We find that developers report spending only 24% of their time writing code, with the rest consumed by administrative tasks, meetings, and security considerations.
This is where the rise of low-code and no-code platforms comes into play; these tools empower non-developers—so-called ‘citizen developers’—to create applications while allowing professional developers to focus on more complex, high-value tasks.
Poller agreed, adding that security governance must evolve alongside these platforms. “With more non-technical users building applications, governance and compliance become even more important. Organizations must ensure security is built into these platforms from the start rather than being an afterthought.”
Embedding Security into the Software Development Lifecycle
The most pressing issue is the growing need to embed security into the software development lifecycle (SDLC) from the outset.
“Over 60% of organizations are embedding DevSecOps as a fundamental practice, but my question is: why isn’t it 100%?” Poller remarked. “Security should never be a bolt-on afterthought. Yet, many companies still follow a ‘code first, secure later’ approach.”
Shifting security left in the development process is critical. The farther along in development you are, the more expensive and difficult it is to fix security vulnerabilities. Organizations need to adopt a ‘shift-everywhere’ mindset, where security is integrated at every stage of the SDLC.
The Future of AppDev and DevSecOps
Looking ahead, the industry is still in the early stages of fully integrating security into modern AppDev practices. AI-driven security automation, improved developer security training, and more intuitive DevSecOps tools will be key to ensuring a secure development environment.
We’re at a turning point where security, AI, and application development must converge. Organizations that prioritize security from the start and leverage AI responsibly will be best positioned to thrive in 2025 and beyond.
Poller added, “The industry has made great strides, but there’s still work to be done. As organizations adopt DevSecOps, they must focus on compliance and true security resilience.”
With the evolution of AI, DevOps consolidation, and security best practices, the future of AppDev and DevSecOps promises to be both complex and transformative. Organizations that embrace these changes will gain a competitive edge, while those that lag behind risk increased security vulnerabilities and operational inefficiencies.