URL: https://thenewstack.io/is-your-ai-assistant-creating-a-recursive-security-loop/


Is Your AI Assistant Creating a Recursive Security Loop?

The sophistication that makes LLM-based agents able to identify nuanced patterns also makes them vulnerable to the same tactics they’re trained to catch.
Jan 7th, 2026 8:00am by Camille Crowell-Lee
Featured image by hartono subagio from Pixabay.
VMware Tanzu sponsored this post.

A recent survey by JetBrains of more than 23,000 developers found that nearly half (49%) now use AI regularly for coding and other development-related tasks. Among those developers, 73% report saving up to four hours per week through AI assistance.

But a key question remains: What are developers actually doing with that extra time?

While large language models (LLMs) have proven remarkably effective as coding assistants, especially because developer frameworks are so well-documented, they still have blind spots. LLMs don’t inherently understand an organization’s existing applications, data models or infrastructure. As a result, the time savings from AI-assisted coding often get redirected elsewhere in the software development life cycle (SDLC).

According to Atlassian’s “State of Developer Experience” survey 2025, most developers are reinvesting their AI-driven time savings into improving code quality. That shift makes sense. As AI accelerates code generation, the sheer volume of new code has been increasing, bringing with it a higher need for review, testing and debugging.

Research from Apiiro reinforces this point: Vulnerabilities introduced by AI coding assistants require significant human oversight. The trade-off is clear: Four times faster code generation can come with 10 times greater risk if not properly managed.

The AI Security Paradox Explained

For developers, AI is being used not just for faster coding but also for debugging and vulnerability scanning. When the same model serves as both coding assistant and debugger, it is important not to create a recursive loop — AI writing code that is then reviewed and fixed by the same AI. Efficient in theory, such a loop can compound the model's own assumptions and errors, much like a game of telephone.

In the rush to automate threat detection, code reviews and policy enforcement, security teams are increasingly deploying LLM-based agents to detect threats like prompt injection, data exfiltration attempts or unauthorized queries. But the same sophistication that makes these models capable of identifying nuanced patterns also makes them vulnerable to the very tactics they’re trained to catch.

For example: The AI system designed to detect prompt injection can itself be manipulated through prompt injection. A malicious actor doesn’t need to breach infrastructure or exploit a buffer overflow — they can simply convince the AI to overlook, reinterpret or “approve” something harmful.

How the Recursive Security Paradox Unfolds

Let’s walk through a common sequence of events in this new security landscape:

  1. AI flags suspicious input. An LLM integrated into a developer workflow detects an unusual instruction in a user prompt. It classifies the content as potentially malicious — a clever attempt at data leakage, for example.
  2. The developer asks the AI to explain its reasoning. The AI’s flag seems overcautious, so a developer asks it to elaborate. Why was this prompt suspicious? The model begins to reason through its decision, generating a natural-language explanation.
  3. An attacker exploits the explanation loop. The attacker crafts a secondary prompt designed to embed a hidden payload within the AI’s reasoning process. The model, attempting to be helpful, may interpret this input as part of its “analysis” and inadvertently override its own guardrails.
  4. AI explains away the suspicion. In the worst case, the model justifies the malicious input as safe, allowing it to pass through internal checks. The AI has, in essence, talked itself out of being secure.

This recursive vulnerability — where AI systems manipulate or are manipulated through dialogue — creates an “infinite loop” of trust and deception. However, at its core, this is not a failure of technology; it’s a failure of boundary definition.

How To Break the Loop for Secure AI Integration

AI systems are conversational by design. They interpret, reason and generate based on context. But when the boundaries between analysis and action are blurred, a model can inadvertently become part of the attack surface. Security logic becomes entangled with natural-language logic. And that’s the danger.

Despite the sophistication of today’s models, they are still pattern matchers, not sophisticated arbiters of nuance. They can be tricked, confused or persuaded — sometimes spectacularly.

This means that relying solely on LLMs for threat detection, vulnerability analysis or automated code approval introduces a new layer of systemic risk. For example, model drift can weaken security judgments over time, content poisoning can alter how a model perceives safe or unsafe behavior and adversarial prompts can reverse engineer filters and cause data leakage.

However, if you still want to use LLMs, you need to ensure you are breaking the loop. Enterprises at a minimum must adopt multimodel security reviews, or better yet, multilayered LLM-driven security reviews, to avoid the recursive trap. In addition, the chain of testing and debugging needs a non-AI enforcement mechanism.

Best Practices for Mitigating AI Security Risks

Here are some practical best practices to apply:

  • Separation of concerns: AI models that detect should not be the same models that build, explain or enforce.
  • Immutable policies: Use hard-coded rule sets or non-AI validators for final approval of critical operations.
  • Observability and audit trails: Every model decision — flagged, approved or overridden — should be logged and reviewed by a human.
  • Prompt provenance tracking: Maintain lineage of how each input, intermediate response and output was generated and modified over time.

This structure helps ensure that AI remains an intelligent assistant, not the sole authority in the security chain.
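As an added example (not code from the article or from VMware Tanzu), the following pipeline combines the separation-of-concerns, immutable-policy and audit-trail practices above to break the four-step loop described earlier: the detecting model and the explaining model are separate roles, the explanation text never reaches the decision, and a detector flag can only be cleared by a human. The two models are stubbed with deterministic keyword functions, an assumption made so the code runs offline.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed marker list standing in for a detection model's judgement (assumption).
SUSPICIOUS_MARKERS = ("ignore previous instructions", "exfiltrate", "reveal the system prompt")


def detector_model(prompt: str) -> bool:
    """Stand-in for the detecting LLM: True when the prompt looks malicious."""
    return any(m in prompt.lower() for m in SUSPICIOUS_MARKERS)


def explainer_model(prompt: str) -> str:
    """Stand-in for a separate explaining LLM; informational only, never read by the gate."""
    return f"Flagged: resembles an instruction-override pattern in {prompt[:40]!r}"


@dataclass
class AuditLog:
    """Append-only log with a SHA-256 hash chain giving each decision provenance."""
    entries: list = field(default_factory=list)
    last_hash: str = "0" * 64

    def record(self, **event) -> str:
        event["prev"] = self.last_hash
        self.last_hash = hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()
        self.entries.append({"hash": self.last_hash, **event})
        return self.last_hash

    def verify(self) -> bool:
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True


def review(prompt: str, log: AuditLog, human_cleared: bool = False) -> str:
    """Non-AI policy gate: a detector flag is cleared only by a human decision."""
    flagged = detector_model(prompt)
    explanation = explainer_model(prompt) if flagged else ""
    # The explanation is logged for the reviewer but has no path into the verdict.
    verdict = "approved" if not flagged else ("approved_by_human" if human_cleared else "blocked")
    log.record(prompt=prompt, flagged=flagged, explanation=explanation,
               human_cleared=human_cleared, verdict=verdict)
    return verdict
```

A prompt that tries to talk the explainer into calling it safe still returns "blocked", because only the `human_cleared` input can change a flagged verdict.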

From AI Loops to Enterprise-Ready Application Security

While this paradox seems unique to AI, it mirrors challenges developers have faced for decades, particularly in the Java and Spring framework ecosystems.

In traditional applications, developers have long relied on layered security: web filters, interceptors, controllers, service-level validations and access controls to guard against injection, spoofing and session hijacking. AI introduces new versions of these same problems, only now they exist in the semantic layer instead of the code layer.

Furthermore, AI-assisted coding has dramatically increased the volume of code commits. Enterprise security teams, already stretched thin for years, require additional support to manage this surge. Leveraging AI for security can help address the increased code volume. Yet, as the distinction between code logic and conversational logic blurs, security teams will still face considerable challenges. AI-assisted coding underscores the need for security models to evolve and shift left.

For developers, frameworks like Spring Security can play a crucial role in bridging AI trust boundaries. Spring Security provides comprehensive and extensible support for both authentication and authorization, with protection against attacks such as session fixation, clickjacking and cross-site request forgery. Combined with the AI-assisted testing and debugging best practices above, adopting an application platform like Tanzu Platform is highly recommended. Such platforms help organizations proactively manage the influx of AI-generated code while keeping risk under control.

Camille Crowell-Lee is a solutions marketing leader who focuses on VMware Tanzu by Broadcom. She has been in technology marketing for over 17 years where she has built strategic marketing initiatives for hyperscale cloud providers and for ISVs, including containerization...