Building Secure and Ethical AI Practices in Software Development

At this point, artificial intelligence (AI)/large language models (LLMs) have evolved into a pseudo “co-pilot” for software developers, allowing them to work faster and more productively. But more speed does not mean more security. Even as new tech tools are deployed, human oversight must remain a core pillar when it comes to security accountability.

After all, developers are ultimately responsible for producing secure, reliable code. When problems arise within the software development lifecycle (SDLC), they often trace back not to AI itself, but to how teams and individuals use it – and whether they apply the human judgment, ethical reasoning and security expertise needed to catch potential issues early.

AI is now a key piece of modern software development. More than four out of five developers use AI coding tools daily or weekly – with many relying on multiple tools in parallel. Teams must understand where automation ends, and where accountability begins.

Also Read: AiThority Interview Featuring: Pranav Nambiar, Senior Vice President of AI/ML and PaaS at DigitalOcean

AI’s role insecurity presents major security challenges. Even the best LLMs generate either incorrect or vulnerable products nearly two-thirds of the time, leading industry and academic experts to determine that today’s technology and systems “cannot yet generate deployment-ready code.” Relying on one AI solution to generate code and another to review it – with minimal human oversight – creates a false sense of safety and security. When oversight fades, so does diligence in recognizing vulnerabilities or maintaining reliable review processes.

The risk is clear: putting too much trust in AI can lead teams to miss the often nuanced, context-driven security issues that machines don’t fully comprehend. LLMs may not fully grasp an application’s authentication or authorization framework, potentially leading to the omission of critical checks. If developers become complacent in their vigilance, it is more likely that overlooked vulnerabilities will slip through the cracks.

Ethical, legal questions persist

Beyond security, organizations must consider issues of accountability and responsible use. Nearly one-half of software engineers report that they are facing legal, compliance and ethical challenges in deploying AI, and nearly as many are concerned about security.

Copyright issues related to training data sets, for instance, could also present real-life repercussions. Many LLM providers will pull from open-source libraries to train their systems. Even if the resulting output isn’t a direct copy from the libraries, it could still draw from material and information in which permission was never given.

The ethical and legal scenarios can take on a perplexing nature: A human engineer can read, learn from and write original code from an open-source library – however, if an LLM does the same thing, it can be accused of engaging in derivative practices.

The current legal picture is a murky work in progress. According to Ropes & Gray, a global law firm that advises clients on intellectual property and data matters, contracts involving third-party AI tools should address indemnification and risk allocation carefully.

Best practices for building expert-level awareness

So how do software engineering leaders and their teams balance innovation with accountability? I recommend the following best practices:

Establish internal guidelines for AI ethics/liability protection. Security leaders must establish governance over how AI tools are used – monitoring usage, assessing vulnerabilities and identifying unsanctioned tools. In setting the guidelines, leaders need to clearly illustrate the potential risk consequences of a product, and explain how these factors contribute to its approval or disapproval.

This governance should incorporate solid, established legal advice, some of which currently recommends that users of third-party AI tools verify the provenance of their training data to mitigate infringement risk. Generally, users need to avoid unauthorized use of copyrighted content when training any proprietary software that leverages AI.

Upskill and educate developers. To avoid vulnerability-caused reworks and legal and ethical dilemmas, team leaders must invest in regular upskilling programs, so developers can grow more proficient and become more dialed-in on software security, ethics and liability factors which could impact their roles and output. They should implement benchmarks to identify where gaps exist and commit to education and continuous-improvement initiatives to eliminate them.

Communicate – and enforce – best practices. AI-generated code must undergo the same quality and security review as human-written code. For example, teams could validate as many user inputs as possible to prevent SQL injection attacks, while output encoding to block cross-site scripting (XSS) vulnerabilities. (The OWASP Foundation and the Software Engineering Institute’s CERT Division provide additional best practices for secure coding.)

Leaders should encourage developers to take part in the designation of best practices, so they have ownership in the process and a deeper engagement in risk prevention.

As software developers lean on AI to accelerate delivery, security leaders must ensure they gain the awareness and capabilities to take full accountability of their output and any potential red flags that AI-assisted code can generate.

Establishing guidelines and strong internal practices, rooted in security, ethics and law, will empower teams to operate with much more expertise and efficacy. When properly governed, AI can become not just a superpower for speed, but a vehicle for sustainable, secure development.

Also Read: The AI-Powered Digital Front Door: Creating Personalized and Proactive Access to Healthcare

[To share your insights with us, please write to psen@itechseries.com ]