Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - Artificial Intelligence - AI-assisted software engineering is creating a new delivery paradox
Artificial Intelligence Latest News News & Analysis Security Software Development Security

AI-assisted software engineering is creating a new delivery paradox

Kirsten DoyleBy Kirsten DoyleJuly 10, 20267 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
AI-assisted software engineering
Share
Facebook Twitter LinkedIn Email Copy Link
AI Summary

A new white paper from code4thought looks at what happens when AI changes how quickly teams write software, and what software engineering produces, how organizations govern it, and where engineers add the most value.

AI-Assisted Software Engineering: The New Delivery Paradox pulls from six in-depth conversations covering security, product engineering, academic research, regulated industry, retail banking, and AI assurance. .

His conclusion is that AI-assisted engineering will demand more discipline, not less: “We are entering the industrial era of software engineering.

Basic summary
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

AI can generate code faster than most software organizations can absorb it. This should be a productivity breakthrough, but it also exposes a larger problem: many of the processes surrounding software delivery still happen at human speed.

A new white paper from code4thought looks at what happens when AI changes how quickly teams write software, and what software engineering produces, how organizations govern it, and where engineers add the most value.

AI-Assisted Software Engineering: The New Delivery Paradox pulls from six in-depth conversations covering security, product engineering, academic research, regulated industry, retail banking, and AI assurance. 

The expert contributors do not agree on everything, and the paper doesn’t try to force consensus. Rather, it captures a profession that is working through structural change in real time.

Its headline finding is clear: “AI does not break software engineering — it amplifies whatever discipline, or lack of it, is already there.”

Here are five of the questions and findings that stood out.

If AI writes the code, what becomes the primary artifact?

For decades, source code has been at the heart of software engineering. Teams review it, measure it, secure it, version it, then they hand it over.

However, if AI generates a meaningful share of implementation on demand, the paper asks whether the real artifact now sits further upstream.

Ejona Preci, Group CISO at LINDAL, says: “The primary artifact becomes the prompt. When AI generates the code, the code is a derivative.”

That notion raises an immediate governance issue. As she points out, the intent, constraints, and context behind generated code increasingly live in prompts, but prompts today are often “unversioned, unreviewed, and almost entirely unaudited.”

Other contributors think about it differently. Some see prompts and context as the new higher-level source, while others believe that the real asset lies in specifications, the solution itself, or the institutional way of working that turns intent into an outcome.

No debate is settled here, which is partly the point. If engineering value is moving upstream, businesses may need to rethink what they preserve, review, audit, and treat as intellectual property.

The next bottleneck may be understanding, not production

What happens when the cost of producing a feature falls dramatically? According to the paper, the constraint simply moves.

Yiannis Kanellopoulos, founder and CEO of code4thought, talks about a new form of debt: “We are producing code that nobody understands. And the moment you need to evolve it, you discover you cannot evolve what you never understood in the first place.”

The paper calls this “knowledge debt.” Unlike technical debt, it can start the moment AI-generated output reaches production without anyone fully understanding what it does.

That concern is real in an AI-driven time. Testing teams may battle to keep pace. Product and marketing functions may have to deal with release volumes they cannot absorb. Existing monetization models may change at a much slower pace.

Markus Borg, Principal Researcher at CodeScene and Adjunct Associate Professor at Lund University, talks about the scale of the problem: “The cost of creating code is approaching zero. There’s no way a human can keep up with that.”

The full findings look deeper, exploring why some companies may drown in AI-generated output while others use those very tools to change what they can build.

Trust cannot depend on reviewing everything after the fact

Traditional software assurance works on the premise that people can inspect, review, and approve work before it moves to the next stage.

Agentic development challenges this. Preci says: “Trust isn’t something you grant after a review. At machine speed, trust is something you have to architect into the rails from the start.”

The paper examines what this might mean in practice: deterministic tooling, policy-as-code, immutable audit trails, scoped credentials, and controls designed around systems that can act faster than the people charged with reviewing it all. 

Meri Roboci, Cyber Security and AI Enablement strategist at DWS Group, looks at this from a security perspective: “We still apply a zero-trust approach. Just as in cybersecurity, the same discipline extends to AI.”

AI may accelerate development, but businesses still need evidence that systems behave as they are meant to. The answer cannot just be more manual review, because manual review has become the bottleneck.

How teams combine deterministic analysis, AI agents, and human accountability could well become one of the most important engineering questions of the next few years.

AI amplifies the organization it enters

The paper keeps returning to one idea: AI does not arrive in a vacuum.

Give agents healthy, modular code, and they may perform precise work. Give them tangled legacy systems, and they will undoubtedly encounter many of the same problems that frustrate human engineers.

The same applies well beyond code. Poor identity controls, bad data hygiene, unclear model risk ownership, and low AI literacy do not suddenly vanish when an organization brings agentic development on board.

Kanellopoulos says agents are like Ferraris, while many old codebases are dirt roads. Buying the car does not give you a track.

His conclusion is that AI-assisted engineering will demand more discipline, not less: “We are entering the industrial era of software engineering. That requires a new kind of discipline, not obedience, but standardization.”

Yet the prerequisites are not only technical. The paper also looks at adoption, skills, and the order in which businesses introduce governance.

Roboci offers a lesson: “When we led with governance, people experienced it as obstruction because they couldn’t see the reasoning behind the rules. When we shifted to building AI literacy first, the governance that followed felt logical, not imposed. Sequence changes everything.”

The full paper digs more into the human and technical housekeeping that may help promote productive AI adoption while preventing faster-moving disorder.

The software engineer’s role is moving upstream

The contributors mostly agreed when it came to discussing what happens to engineers themselves.

Preci believes that the dividing line will be whether engineers can move beyond implementation: “There’s very little middle ground for software engineers, and the determining factor is whether they evolve from code producers to architects.”

The paper also describes a role increasingly centered on architecture, orchestration, problem definition, judgment, evaluation, and the ability to communicate intent clearly.

George Marinos, Assistant General Manager, Innovation & Digital Partnership at the National Bank of Greece, has seen something particularly telling within his own teams: “The best results with agents are being achieved by people with managerial skills.”

His reasoning is that an agent increasingly resembles a junior collaborator. The quality of the result depends on how clearly someone can describe the request, define constraints, and explain the evaluation criteria.

But the paper also raises a harder question that is still unresolved: what happens to entry-level engineers when AI absorbs the tasks that once helped juniors learn the profession?

That concern is up there with the risk of de-skilling more experienced developers who become disconnected from the code their tools produce. The paper does not claim to have all the answers, rather, it treats the transition itself as one of the industry’s most important open questions.

A profession working through structural change

Perhaps the most useful aspect of the paper is that it resists issuing a verdict on AI-assisted software development.

The contributors disagree about whether prompts, specifications, solutions, or ways of working will become the new primary artifact. They approach trust from different directions. They also see different risks in abundance and different possibilities for the engineering profession.

Having said that, several threads come up again and again. 

AI makes disciplined organizations more effective and undisciplined ones more dangerous. Engineering judgment is moving upstream. Trust mechanisms must keep up with machine-speed output. And the human consequences of this shift deserve as much attention as the tooling.

As the paper says: “The tools are changing faster than the operating models that wrap around them.”

It’s clear that AI can write code. The question is whether businesses can change quickly enough to govern, understand, and take responsibility for what AI helps them build.

Read the full white paper: AI-Assisted Software Engineering: The New Delivery Paradox

Kirsten Doyle
Kirsten Doyle
Information Security Buzz News Editor

Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.

  • Kirsten Doyle
    Sysdig uncovers first documented agentic ransomware operation
  • Kirsten Doyle
    Klue supply chain breach exposes Salesforce data at several security firms
  • Kirsten Doyle
    AI-Powered Attacks Become Top Concern for Security Professionals, New Filigran Survey Reveals
  • Kirsten Doyle
    ShinyHunters targets Oracle PeopleSoft customers through critical zero-day

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

What Are AI SOC Agents? Use Cases, Architecture, and the Leading Vendors

June 19, 20266 Mins Read

AI-Powered Attacks Become Top Concern for Security Professionals, New Filigran Survey Reveals

June 19, 20265 Mins Read

From AI hype to operational reality: A practitioner’s framework for securing agentic systems

June 5, 20267 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}