Artificial intelligence has rapidly established itself as part of everyday business operations and has also transformed the way software is developed. In product development organizations, there may already be more AI agents contributing to software development than human developers. However, this rapid transformation introduces new cybersecurity risks that are not yet fully recognized or deeply considered.
artificial intelligencereliabilitysoftware development
AICyberreliablesoftwareSecurity
While AI has transformed software development by speeding up coding and research, it has also brought forth emerging cybersecurity risks. The rise of AI agents in R&D increases the danger of accidental data leaks involving sensitive corporate information. Furthermore, AI is a double-edged sword: while it aids developers, it also empowers attackers to automate exploits and broaden the attack surface.
Safe AI integration demands advanced professional skills and a critical eye. Because AI can generate plausible but flawed or harmful code, the expert’s role as a quality gatekeeper is more vital than ever. To prevent efficiency from compromising security, organizations need robust governance and continuous oversight of their AI-driven processes.
The daily life of a software developer has changed from being a code producer to a code quality controller. In the worst-case scenario, organizations may input critical business data, confidential customer information, or internal documentation into AI services without understanding how the AI processes that information or where it may ultimately end up. As AI evolves, cyber threats have already changed and will continue to increase in the future, requiring companies to maintain constant vigilance and establish clear operating models to ensure security in software development as well.
At its best, AI serves as an efficient support tool in software development by accelerating information retrieval, assisting in problem-solving, and supporting software creation throughout different stages — even generating complete code independently. Developers no longer need to memorize everything themselves, as information and solutions can now be produced rapidly.
Sami Pitkänen, a critical software development specialist at Wirokit, is currently deepening his expertise in AI-assisted development through the GeTek program at Tampere University. According to Pitkänen, the education has provided a deeper understanding of how AI can be used responsibly to support software development.
“When you understand how models are built, how data influences outcomes, and where the limitations of AI lie, you can use it much more critically and effectively. The education has also helped me understand where the technology is heading and how it can be utilized further, for example as part of software quality assurance,” he explains.
At the same time, AI introduces entirely new cybersecurity risks. AI can generate incorrect or even harmful code, and if its outputs are trusted too readily without critical expert evaluation, the consequences may directly affect software security.
Tuomo Tuominen, Senior Systems Engineer at Wirokit, also sees AI’s impact on cybersecurity as fundamentally dual-sided. According to him, the same technology that helps companies build more secure software also provides attackers with faster and more effective tools. Vulnerability discovery, phishing content generation, and attack automation have all become significantly faster with AI.
Information retrieval and leveraging external solutions have long been part of a software developer’s work. However, AI has changed how easily answers and solutions become available. At the same time, there is a growing risk of accepting AI-generated solutions as truth without sufficient expert evaluation.
“Professional expertise is reflected in the ability to assess the outcome, recognize potential risks, and make the right decisions. Security still relies on human expertise, critical thinking, and the ability to identify problems early. AI does not replace experts — it raises the standard of expertise required,” Pitkänen adds.
Using AI securely requires critical thinking and an understanding that AI itself may become a cybersecurity risk within an organization. According to Pitkänen, one of the most common mistakes is trusting AI-generated content without proper evaluation.
“AI can produce convincing answers and functional-looking code, but that does not mean the result is secure or even correctly implemented. At the same time, the development of AI makes it increasingly difficult to distinguish between human-generated and AI-generated content, which increases the risks related to manipulation and phishing,” Pitkänen emphasizes.
Another significant risk relates to data handling. Many organizations still lack clear understanding of what kind of information can safely be shared with AI services. In the worst cases, critical business data, software source code, or confidential customer information may be entered into AI tools without clear operational models or understanding of how the information is processed behind the service.
According to Tuominen, secure AI usage begins above all with awareness and clearly defined operating models. Organizations should carefully define what information can be shared with AI, how AI-generated results are evaluated, and who remains responsible for the final decisions. The company placing a product on the market bears the responsibility for cybersecurity. Tuominen poses a thought-provoking question: "Do we know which risks we are accepting at the moment of deployment?"
Security is not a one-time project or a state that is achieved once and permanently maintained. It is a continuous part of business operations and software development. Technology, attack methods, and software vulnerabilities are constantly evolving, which means that achieving software security requires organizations to continuously monitor changes and react proactively.
The growing importance of software security is also reflected in tightening regulation. EU cybersecurity requirements, such as the upcoming Cyber Resilience Act, will broadly apply to software-enabled products, and compliance will increasingly become a prerequisite for certifications such as CE marking.
However, cybersecurity development is not only a technical matter — it is also a leadership issue. Software security must be part of the product development strategy. According to Pitkänen, responsibility for security begins at the management level. If leadership does not understand the importance of cybersecurity, security practices will not materialize effectively in the everyday work of employees.
Development teams must possess sufficient expertise in secure development practices. Every employee should understand how data is handled, what risks are associated with AI usage, and when potential threats require immediate action. Security must become part of the quality process, and people must have the ability to make risk-based decisions.
In AI-assisted software development, the human expert’s ability to understand complex systems, evaluate alternatives, and recognize security-related risks becomes increasingly important. Both Pitkänen and Tuominen agree that while AI can assist with technical implementation, humans remain responsible for understanding how software is built securely and why certain decisions are made. Software development teams should include experts in critical software systems to ensure the reliability of solutions.
AI can significantly accelerate development, but security, reliability, and final decision-making do not transfer to technology itself. The more AI automates development work, the more important critical thinking, accountability, and the ability to guide development in the right direction become for experts.
Every developer carries responsibility for ensuring that AI-assisted software development does not create new cybersecurity threats — or at the very least, that those threats do not materialize. Together, we can help keep the connected world secure and resilient.
Securing software in the age of AI is an ongoing process requiring technical proficiency, robust leadership, and strategic vision. With tightening regulations like the EU Cyber Resilience Act, cybersecurity is becoming a mandatory pillar of the quality process. Accountability for secure practices starts with management but must be integrated into the daily routines of every developer.
Despite AI’s ability to transform workflows and automate technical tasks, humans retain ultimate responsibility for software integrity and security. Expert critical thinking and risk-based decision-making are vital for navigating the balance between AI-driven opportunities and threats. By approaching AI with diligence and awareness, we ensure that technology serves as an enabler rather than a source of unmanaged cyber risks.
R&D Partner & Expert in Mission-Critical Software & QA
Harder code
