A global survey of 1,015 IT professionals with responsibility for application security finds more than three quarters (77%) are using artificial intelligence (AI), with another 13% considering adoption.
Conducted by Fastly, a provider of a content delivery network (CDN) service, the survey also finds 25% of survey respondents using AI have fully integrated it into their existing application development pipelines, while another 39% said AI is partially integrated. Just under a third (31%) reported that they are experimenting with implementation, compared to only 6% who said AI is not at all integrated into existing workflows at this time.
More surprisingly, a third (33%) said that 50% or more of their application security issues identified by AI tooling are now acted upon without human review. However, only 4% said between 76-100% of identified errors are acted upon without human intervention, compared to 26% reporting that 51-75% of identified errors are acted upon without human intervention. Another 26% said between 1-25% of identified errors require no human intervention.
Despite that faith in AI, more than two-thirds (66%) also noted they have implemented review checkpoints, while nearly half (49%) have vetted AI models. Another 46% use auditing and logging, while 32% rely on secure sandboxing.
Additionally, the survey finds that adoption doesn’t always equate to complete trust. Only 22% ranked AI as ‘excellent’, while 48% said it was ‘good enough.’ A combined 30% said it was either fair or as far down as ‘very poor’. Well over a third (37%) reported occasional false positives being generated by AI tools, compared to 12% who reported frequent false positives, for a total of nearly half (49%) of survey respondents who experience some false positive results. Only 11% reported that they ‘never’ see false positives.
Top issues identified when using AI are integration complexity (46%), lack of trust in results (36%), poor explanation of security findings (23%), internal skills gaps (38%), and regulatory or compliance concerns (33%).
Austin Spires, senior director of product management for Fastly, said even with these issues and concerns, it’s clear organizations are moving rapidly to apply AI to application security. In essence, application security teams are committed to using AI as much as possible within the known limits of AI capabilities, he added. Top benefits of AI cited are an (obvious) reduction in manual effort (55%), faster vulnerability detection (50%), faster vulnerability remediation timelines (36%), and better triage capabilities (43%).
The assumption is that over time the capabilities of AI technologies will only continue to improve, so investing the time and effort required to apply AI today will pay much higher dividends down the road, said Spires.
In fact, 31% have a formal effort to explore new or future use cases for AI within their application security efforts, while another 49% reported that they are doing so, though informally.
Each DevSecOps team will need to determine for itself to what degree to trust AI to, for example, automatically remediate a vulnerability. The one thing that is clear is that as the volume of code being created using AI tools increases, it’s only a matter of time before AI is relied on more to fix the code created by those tools. In effect, AI will be depended on to fix AI coding tools that, hopefully, will in time produce fewer errors than they tend to do today.

