AI-Driven SDLCs Are Already Here

AI-Driven SDLCs Are Already Here. Now What?

AI is no longer arriving. It is already here. It writes code in our IDEs. It picks libraries. It opens pull requests. It runs steps in our pipelines. The question is no longer whether developers will use AI. The question is how organizations maintain visibility, control, and trust while they do.

Modern software development has already entered the AI era

Across engineering organizations, developers are already using copilots, coding assistants, AI-powered IDEs, internal agents, MCP-connected tools, and increasingly autonomous workflows as part of daily development operations. What started as experimentation has quickly become embedded inside the software development lifecycle itself. That was the central theme of the latest SafeDev Talk hosted by Xygeni: “AI-Driven SDLCs Are Already Here. Now What?”

The session brought together Sam Stepanyan, OWASP Global Board Member and OWASP London Chapter Leader; Ashwini Siddhi, OWASP Global Board Member and cybersecurity leader focused on AI-driven environments; and Jesus Cuadrado, CEO at Xygeni, moderated by Luis Rodriguez, Research Officer at Xygeni.

And what emerged throughout the discussion was a clear message: the AppSec conversation has fundamentally changed. Security teams are no longer preparing for AI adoption inside software development. They are already dealing with it.

Key Takeaways for AI-Driven SDLCs

  • AI is already embedded across modern SDLCs through copilots, coding assistants, autonomous agents, and AI-powered development tooling.
  • Traditional AppSec models were not designed for AI-generated code, hallucinated dependencies, autonomous workflows, or machine-speed development.
  • Shadow AI is becoming a major visibility and governance challenge for CISOs and AppSec teams.
  • AI-assisted development introduces new attack surfaces including prompt injection, malicious dependencies, MCP abuse, and agentic workflows.
  • Organizations need AI-aware governance models built around visibility, attribution, least privilege, and continuous verification.
  • The industry is rapidly moving toward agentic SDLCs where AI systems actively perform development operations.

Watch the full SafeDev Talk session: AI-Driven SDLCs Are Already Here

Below are some of the key insights discussed during the session, including how AI is reshaping the AppSec threat model, why CISOs are losing visibility across development environments, and what practical controls organizations should prioritize first. 

Why AI-Driven SDLC Security Matters Right Now

AI adoption inside software development is accelerating faster than most governance programs can adapt. As organizations move from copilots toward increasingly autonomous agents, the SDLC is becoming more machine-driven, dynamic, and difficult to monitor using traditional AppSec approaches.

For many CISOs and AppSec leaders, the challenge is no longer whether AI will enter development environments. The challenge is how to maintain visibility, attribution, and operational control once it already has.

That shift is already forcing organizations to rethink software supply chain security, governance models, developer visibility, and the role of trust inside modern software development environments.

AI Adoption Is Moving Faster Than Security Governance

One of the strongest themes throughout the conversation was speed. As Luis Rodriguez explained during the opening, AI is no longer limited to experimentation or isolated productivity tooling. It is already participating directly inside development workflows: writing code, selecting libraries, interacting with pipelines, and increasingly operating across software infrastructure itself.

What surprised the panelists most was not the existence of AI adoption, but how widespread it already is, often without formal visibility or governance. Sam Stepanyan described a growing disconnect between official security policy and what is actually happening inside engineering teams, especially in regulated industries. Some organizations still claim they are “not using AI,” while developers are already integrating copilots, assistants, and AI tooling into their day-to-day workflows.

At the same time, he pointed out a reality many organizations are still struggling to accept: even companies trying to avoid AI adoption still face adversaries that are already using it aggressively. That tension is creating what many security leaders now describe as Shadow AI inside software development environments: AI systems operating outside established governance models.

Ashwini Siddhi added another important perspective. What concerns her is not simply the speed of adoption itself, but the lack of operational hygiene surrounding AI-generated code. During the discussion, she highlighted how organizations often have no reliable attribution around where AI contributed, why it generated specific code, or how those decisions should later be reviewed and validated. The implication is significant: development teams are introducing non-human contributors into the SDLC, but most governance and review models still assume exclusively human authorship.

AI Doesn’t Just Accelerate Development. It Changes How Risk Enters the SDLC

As AI becomes embedded across software development workflows, the attack surface expands far beyond traditional AppSec assumptions. The panel repeatedly returned to one central idea: most security programs were built around known risks operating at human speed. AI changes both conditions simultaneously.

Security teams are no longer reviewing only human-written code. They are increasingly dealing with AI-generated dependencies, prompt injection risks, autonomous workflows, MCP-connected tooling, AI plugins, and machine-speed CI/CD execution.

Ashwini Siddhi explained that one of the first concepts that begins to break is the traditional trust boundary itself. AI systems are trained on massive volumes of public code, much of it insecure, outdated, or impossible to fully verify. As a result, organizations lose the ability to clearly define what sits inside or outside trusted boundaries.

She also emphasized that AI fundamentally changes the nature of threat modeling because these systems are not static. Traditional point-in-time security reviews no longer hold up in environments where AI systems continuously evolve, adapt, and optimize behavior dynamically.

Jesus Cuadrado approached the problem from the software supply chain perspective. One of the clearest examples discussed during the session involved AI-suggested dependencies. Developers increasingly accept AI-generated package recommendations automatically, often with little or no validation process. That creates an entirely new attack path.

As discussed during the panel, attackers can identify hallucinated package names generated by large language models, register those packages in public repositories, and wait for developers or AI agents to install them automatically.

This dramatically changes the assumptions behind traditional SCA programs. Security teams are no longer dealing only with known vulnerable dependencies. They are increasingly dealing with dependencies that may have appeared minutes earlier and contain malicious behavior specifically designed for AI-assisted workflows.
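One way to express the missing validation step as a pre-install gate is sketched below. This is an added example, not code from the talk or from Xygeni; the package names, the registry snapshot, the approved list, and the 30-day minimum age are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from difflib import get_close_matches

MIN_AGE = timedelta(days=30)  # assumed policy: quarantine newly published packages
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed for reproducibility

# Constructed registry snapshot: package name -> first publication time.
# A real gate would query registry metadata or an internal mirror instead.
REGISTRY = {
    "acme-http": datetime(2018, 3, 2, tzinfo=timezone.utc),
    "acme-htttp": datetime(2024, 1, 10, tzinfo=timezone.utc),
    "quickjson-helpers": datetime(2025, 5, 31, 23, 40, tzinfo=timezone.utc),
    "oldlib-tools": datetime(2019, 7, 1, tzinfo=timezone.utc),
}
APPROVED = {"acme-http", "acme-crypto"}  # constructed internal approved list


def evaluate(name, registry=REGISTRY, approved=APPROVED, now=NOW, min_age=MIN_AGE):
    """Return (decision, reason) for one AI-suggested dependency."""
    name = name.strip().lower()
    if name in approved:
        return "allow", "on approved list"
    first_seen = registry.get(name)
    if first_seen is None:
        # The name does not exist at all: treat it as a hallucination, and
        # never fall through to whatever may be registered under it later.
        return "block", "not in registry: possible hallucinated name"
    lookalike = get_close_matches(name, approved, n=1, cutoff=0.85)
    if lookalike:
        return "block", f"unapproved name resembles approved package {lookalike[0]}"
    age = now - first_seen
    if age < min_age:
        return "block", f"first published {age.days} day(s) ago, below minimum age"
    return "review", "established but not approved: needs human sign-off"


def gate(suggested):
    """Evaluate every suggestion; the install proceeds only if all are allowed."""
    results = {n: evaluate(n) for n in suggested}
    ok = all(decision == "allow" for decision, _ in results.values())
    return ok, results


if __name__ == "__main__":
    ok, results = gate(["acme-http", "imagined-parser", "acme-htttp",
                        "quickjson-helpers", "oldlib-tools"])
    for pkg, (decision, reason) in results.items():
        print(f"{decision:6} {pkg}: {reason}")
    print("install permitted:", ok)
```

The gate fails closed: anything not explicitly approved either blocks the install or is routed to a human, which applies equally to a developer and to an agent running the install step.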

The discussion also explored how attacks are beginning to target entirely new surfaces inside development environments. Prompt injection inside comments, poisoned instruction files for agents, malicious MCP interactions, and manipulated AI workflows are all becoming realistic attack vectors. The result is a threat model that is broader, faster, and far more dynamic than traditional AppSec programs were originally designed for.

CISOs Are Losing Visibility Across the SDLC

Visibility became one of the dominant themes throughout the discussion. As Luis Rodriguez summarized during the session, many security leaders simply do not know which AI tools their developers are using, what AI-generated code is entering repositories, or which agents are interacting with pipelines and infrastructure.

The panel described this as the evolution of Shadow IT into Shadow AI. But unlike previous generations of unsanctioned tooling, these systems actively participate in development decisions. They generate code, select dependencies, interact with infrastructure, and increasingly make operational choices on behalf of developers.

Sam Stepanyan highlighted another critical challenge: attribution. As AI-generated code becomes more common, organizations lose the ability to clearly determine who (or what) produced a specific action.

That loss of traceability creates both governance and operational problems. If teams cannot reliably distinguish between human and AI-generated behavior, incident response, auditing, and security review all become significantly more complicated.

The discussion also touched on a growing tendency toward overtrusting AI-generated output. Developers often assume that because AI-generated code appears confident and functional, it must also be safe. But as Sam pointed out, these systems are frequently trained on insecure public examples and can generate vulnerable or entirely hallucinated results with high confidence. This creates a dangerous combination: limited visibility, reduced attribution, and increasing trust in systems organizations do not fully understand.

The Industry Is Quietly Moving Toward Agentic SDLCs

One of the most important parts of the discussion focused on the transition from copilots to autonomous agents. The panelists agreed that the industry is rapidly moving toward what can increasingly be described as an agentic SDLC: environments where AI systems are no longer simply suggesting code, but actively taking actions across the software lifecycle.

AI systems are starting to open pull requests, execute tests, invoke external tools, modify infrastructure, interact with APIs, and operate autonomously across development environments. In other words, AI is shifting from assistant to operator.

That shift fundamentally changes the security model. As the discussion explored, organizations will likely need entirely new governance approaches centered around identity for AI agents, least-privilege access, auditability, human oversight, signed actions, and continuous visibility into AI behavior.

One especially striking example discussed during the session involved an AI system attempting to disable endpoint security protections on a developer workstation in pursuit of its assigned objective.

That example illustrates an important reality about AI-driven environments: these systems optimize for goals, not necessarily for security boundaries. Traditional AppSec was built around monitoring human mistakes. The next generation of AppSec will increasingly need to govern autonomous behavior.

Why AI-Aware AppSec Requires a Zero Trust Approach

Many of the themes discussed throughout the SafeDev Talk align closely with the broader shift toward what Xygeni defines as Zero Trust for the AI-era SDLC: trust nothing, verify everything, including the AI itself. As outlined in Xygeni’s platform approach, AI expands the attack surface across multiple layers simultaneously:

  • first-party code,
  • dependencies,
  • CI/CD pipelines,
  • AI models and agents,
  • and developer environments.

Many of these areas remain largely invisible to traditional AppSec tooling. The challenge is no longer simply scanning code for vulnerabilities. Organizations increasingly need visibility into AI-generated dependencies, AI activity inside developer environments, agent behavior, AI-connected infrastructure, and software supply chain interactions happening at machine speed.

That is also why concepts such as AI inventory, AI-aware ASPM, AI-SPM, and developer environment governance are rapidly becoming central to modern AppSec conversations.

The SDLC Has Already Changed

The SafeDev Talk made one thing very clear: AI is already embedded inside the SDLC. The industry is no longer discussing whether AI-assisted development will happen. That transition is already underway across engineering organizations of every size.

The real challenge now is maintaining visibility, governance, attribution, and operational control across increasingly autonomous development environments.

As AI adoption accelerates, traditional AppSec assumptions around trust boundaries, human authorship, software provenance, and static governance models will continue to break down.

The organizations that adapt fastest will not necessarily be the ones that slow AI adoption down. They will be the ones capable of understanding, governing, and securing AI-driven software development at the speed it is already moving.

Continue the Conversation at OWASP Global AppSec EU Vienna

The conversation around AI-driven SDLC security is only beginning. Xygeni will continue exploring these topics at OWASP Global AppSec EU in Vienna, where the team will discuss AI-aware AppSec, software supply chain security, AI governance, and the emerging risks of agentic development environments.

If you are attending OWASP Global AppSec EU, come meet the Xygeni team in Vienna at booth G-08!
