3. How Does AI Affect Your Organization’s Attack Surface?
Increasing the attack surface is inevitable with AI. Such coding solutions build their code on pre-existing open-source libraries and tools. Your software bill of materials will lengthen considerably, creating technical debt and dependencies on new-to-you packages. This is almost unavoidable and is a factor that must be documented for compliance and risk management purposes as AI-written software is moved into production.
4. How Ready Is Your Overall Environment For AI?
AI assumes a modern development environment. The coding tools are built on large language models that are trained on modern code and existing standards, which can create friction when interacting with legacy systems such as old HL7 electronic health record systems or databases. To make the best use of AI tools, organizations must adopt modern DevSecOps practices. Going full continuous integration/continuous deployment is not necessary, but you do want to make it easy to rapidly deploy fixes for both functional and security flaws you find downstream.
UP NEXT: How do managed cloud and AI services turn complexity into business advantage?
5. How Can AI Support Security Improvements?
AI doesn’t solve security problems, but it does make it easier to write secure systems. These coding tools are aware of security best practices, such as keeping credentials out of configuration and using encryption for network traffic, and they’ll encourage users to go down these paths. But they won’t enforce good practices or know about healthcare-specific issues. That requires a security-aware developer to tell the AI tools things such as, “Use the HL7 FHIR guidelines in all of the code you write,” or “integrate with our existing single sign-on system for authentication.” Writing, and then applying, a consistent set of security instructions for every vibe coding session is a necessary risk-reduction measure.
