Why AI-powered DevSecOps is the future of cybersecurity in Australia

The development world is at a crossroads. Traditional DevOps is no longer enough to protect businesses against the rise of new and evolving cyberthreats, especially AI-driven ones. In fact, 70% of Australian organisations feel that AI is advancing faster than their ability to defend against related threats, prompting an urgent re-evaluation of security strategies.

This is where AI-powered DevSecOps comes in. Simply put, DevSecOps brings together developer operations (DevOps), security operations (SecOps) and IT operations (ITOps) across all stages of the software development and delivery lifecycle. Integrating AI into the process brings crucial benefits to Australian businesses from enhanced security to operational efficiency and will be key to becoming cyber resilient in the year ahead.

Redefining development and testing

AI-powered DevSecOps drives early and automated security integration, breaking down gaps that exist between development, quality and security teams. For instance, automated security integration means teams can identify vulnerabilities earlier in the software lifecycle and work more collaboratively to reduce costly fixes later down the line. The unification of DevOps, SecOps, and ITOps through AI aligns with an increasingly interconnected technology landscape, where reliance on the cloud continues to grow.

Another key benefit to the development stage is enhanced efficiency through the reduction of redundant activities, freeing up skilled engineers to do more complex and new development tasks. AI also produces more reliable software with automated testing and security checks taking place earlier in process versus at the end.

Reducing technical debt

Technical debt is a significant issue that often goes unnoticed until the debt comes due. According to a survey by Protiviti, 100% of Australian executives reported that technical debt had a moderate to significant impact on their organisation’s ability to innovate, reflecting the urgency to modernise outdated systems and streamline operations before they hinder growth.

AI-powered DevSecOps also helps businesses manage technical debt. One of the reasons technical debt accumulates in the first place is that time-poor development teams sometimes skip testing steps in a rush to meet deadlines. AI-driven automated testing enhances DevSecOps by continuously scanning code, detecting inefficiencies and identifying vulnerabilities earlier in the development cycle — ensuring that security and quality are built into the process from the start.

As DevSecOps adoption grows, more development teams will realise that when properly implemented, it significantly reduces technical debt. First, DevSecOps identifies technical debt through automated testing, especially when powered by AI. Second, AI-fuelled DevSecOps provides actionable insights and prioritisation, allowing teams to tackle the most critical technical debt across both DevOps and SecOps. AI-driven DevSecOps also pushes the business mind-set from a reactive, business-as-usual approach to a proactive culture of continuous improvement.

AI vs AI: The battle for cybersecurity

AI is increasingly becoming an asset for cybercriminals in seeking out attack targets and determining the types of attacks on organisations. The Australian Signals Directorate’s Annual Cyber Threat Report 2023–2024 highlighted that malicious actors are increasingly leveraging AI to enhance the sophistication and effectiveness of their attacks. This trend will only continue to grow, delivering more powerful and targeted threats against businesses.

Compounding this problem, AI-powered attacks are also extremely difficult to detect since algorithms over time adapt to defences with attacks taking on multiple forms, such as sending personalised emails, creating realistic (deep fake) videos or audio recordings, reverse engineering (model stealing), and data poisoning to compromise security system performance.

Because of this, business will find it necessary to turn to AI — either by itself or as part of a DevSecOps program — to combat the advanced threats. AI-powered security solutions can detect subtle anomalies in user behaviour or network traffic, detecting threats before they worsen. Take the banking industry as an example: AI-based fraud detection systems will be able to block AI-generated synthetic identities, where criminals use machine learning to create realistic fake identities to bypass verification.

Ultimately, the growing use of AI by bad actors will push organisations to accelerate their own AI-driven DevSecOps initiatives, ensuring they stay one step ahead in the escalating cybersecurity arms race.

With the global DevSecOps software tools market projected to reach US$23.42 billion by 2028, it’s clear that more organisations will follow the growing trend of adopting agile and AI-driven DevSecOps practices. A significant number of Australian businesses are already making this shift, driven by the need for more efficient software development and heightened security concerns. Those that resist implementing AI-powered DevSecOps risk falling behind, not just in cyber resilience but also in innovation and competitiveness.

Image credit: iStock.com/ArtemisDiana