AI accelerates software production, but raises the risks too
The use of AI in software development is growing explosively. Organizations are experimenting at scale with AI-driven coding assistants, automated test generation, and tooling that supports developers as they write code. The visible impact: software is being produced at a higher pace than ever. Yet this creates a misleading picture. More software does not automatically mean that software development is faster or more efficient.

More output does not automatically mean faster development
AI makes it easier to produce code quickly. Research shows that developers using AI coding assistants work up to 55% faster, and McKinsey describes scenarios in which software development can take place up to ten times faster at lower cost. Features are built in less time, and teams ship more software in a short period. The question many organizations still ask too rarely is whether this leads to a faster development process and better products. At this point, that is far from certain.
Software development is much more than writing code. Architectural choices, quality assurance, security validation, maintainability, integration challenges, and governance remain as decisive as ever. In many cases the complexity even shifts to later phases of the development process, for example, during testing, auditing, or incident response. The real impact of AI on development speed and productivity will likely only become properly measurable in six to twelve months.
Organization and processes lag behind
While the adoption of AI within development teams is surging, processes, governance, and policy often lag. Many organizations do not yet have clear guidelines for the safe and responsible use of AI in software development. This gives rise to new risks:
- unclear ownership of generated code;
- insufficient control over security risks;
- a lack of transparency about the AI tools in use;
- compliance risks around international laws and regulations;
- an increased likelihood of vulnerabilities in production environments.
A mature AI policy is therefore no longer a luxury but a necessary precondition.
Specialist expertise remains crucial
Another development currently taking shape is the declining demand for traditional software development and cybersecurity capacity. Some organizations assume that AI can replace part of this expertise.
That is a dangerous assumption. Precisely in a world where AI generates more and more code, specialist expertise remains essential. AI can support development, but it does not understand business context, does not make architectural trade-offs, and cannot independently assess security implications well enough. In fact, the use of AI in many cases increases the need for experienced software engineers, security specialists, and architects who can safeguard quality, security, and compliance.
More software also means more insecure software
As software production grows, so does the risk of insecure software. AI generates both secure and insecure code, depending on the input, validation, and expertise of the user. Vulnerabilities also spread faster across development chains when organizations do not build in sufficient controls. This further increases the importance of structural cybersecurity assessments.
In concrete terms, this means organizations should:
- carry out security assessments more frequently;
- conduct more intensive code reviews;
- apply stricter validation of AI-generated software;
- continuously monitor development processes;
- periodically evaluate the use of AI within teams.
International legislation compels organizations to act
The pressure from laws and regulations is mounting as well. International frameworks such as the European AI Act, NIS2, and existing privacy and security legislation set ever higher demands on software quality, transparency, and risk management. Organizations that deploy AI within their software development will need to be able to demonstrate:
- how AI is applied;
- which risks are being managed;
- how software quality is safeguarded;
- which security measures have been taken;
- how compliance is monitored.
AI undoubtedly offers tremendous opportunities for software development. But organizations that focus solely on speed and productivity, without strengthening governance, security, and specialist expertise at the same time, run the risk that the benefits will turn into new vulnerabilities over the long term.
The coming years will therefore not hinge on the question of whether AI changes software development. The relevant question is which organizations develop their processes, security, and governance fast enough to keep pace.