AI accelerates, but the risks grow with it

Article

As attention for AI continues to rise, so does the focus on software quality and security. What happens to control and value when software is created faster and faster but is understood less and less? European legislation such as NIS2 and the Cyber Resilience Act (CRA) plays a major role here, especially as executives can now be held liable.

AI Versnelt, Maar De Risico's Groeien Mee

* This interview, with our colleagues Gerben van de Wiel and Ferenc Németh, was published in the special Cybersecurity edition distributed with Het Financieele Dagblad on Saturday, May 23.

New risks

Anyone assessing the value of a company today can no longer ignore software and data. At YieldDD, specialists in analyzing digital assets and cybersecurity, everything revolves around understanding exactly that. “What people sometimes forget is that very few companies can exist without software,” says principal security engineer Gerben van de Wiel. “And that’s something you’d rather know before making a strategic decision than afterwards.”

Together with, among others, principal consulting architect Ferenc Németh, he performs in-depth investigations into companies, often in the context of mergers and acquisitions, but certainly not exclusively. “The type of research we do is highly relevant outside transactions as well,” says Németh. “Companies simply want to know: where do we stand when it comes to cybersecurity and software quality?”

The rise of AI makes that question even more urgent. Van de Wiel sees how quickly its use has become normalized: “Almost everyone uses it. Developers often say you can’t fully trust it, but in practice they all work with it.” That introduces new risks. “If code is being produced even faster, the question is whether development teams can still keep up with cybersecurity.”

The core problem runs deeper

According to Németh, the core issue goes deeper than AI itself. “Building software is not just the production of code: doing it faster doesn’t automatically make it better.” He points to a shift that has been underway for years but is now amplified by AI: less deep expertise and greater dependency on tools. “What we’re seeing now is essentially the same process, but on steroids.”

That dependency also affects control over digital assets. Beyond technical vulnerabilities, there are strategic risks as well, such as vendor lock-in. When an organization bases its entire development process on a single AI model, it becomes vulnerable to price increases or geopolitical shifts. Németh explains: “What happens if your supplier doubles the costs, or if access suddenly becomes temporarily unavailable?

Technology-agnostic

YieldDD positions itself as an expert interpreter within the software and cybersecurity landscape. The company is technology-agnostic and independent, enabling it to objectively assess whether a codebase is an asset or a liability. This is relevant not only during mergers and acquisitions but also for companies looking to modernize their legacy systems.

“Our added value lies in interpretation and context,” Németh emphasizes. “Which risks are truly relevant, and what do they mean for your business?” Van de Wiel concludes: “You may be able to build faster, but you still have to deal with all the surrounding conditions — and ultimately, those determine quality and cybersecurity.”