coding

The AI Code Generation Governance Gap Is a Security Gap — Here’s How to Close It

AI code generation governance is lagging, creating security and compliance risks. Only 23% of IT leaders manage AI governance effectively, risking a 30% rise in legal disputes by 2028. The increase in AI-generated code without proper oversight may introduce security vulnerabilities. To address this, governance must become continuous and integrated into the development workflow, allowing for instant checks on security and compliance. Embedding automated governance practices reduces risks, simplifies compliance, and enables productive use of AI tools, turning governance from a hindrance into a facilitator of innovation.

https://solutionsreview.com/the-ai-code-generation-governance-gap-is-a-security-gap-heres-how-to-close-it/

Things I’ve Learned in My 10 Years as an Engineering Manager

TLDR: Jampa Uchoa shares insights from 10 years as an engineering manager, emphasizing that roles vary per team needs, everyone should care about the product, processes must be questioned, and trust in teams is crucial. Successful management requires transparency, communication strategies, and a focus on empowering teams to thrive independently. Managers should navigate between being a player, coach, and cheerleader, while ensuring that none are bottlenecks. Each team must adapt processes to maintain efficiency, with a focus on the outcomes rather than the processes themselves.

https://www.jampa.dev/p/lessons-learned-after-10-years-as

Coder Unveils AI Governance Tools for Developers

Coder.com launched a suite of AI governance tools for developers, enhancing self-hosted workspaces with AI coding agents. The platform includes AI Bridge for centralized model access, Agent Boundaries for security controls, and Coder Tasks for workflow automation. This structure aims to provide enterprises control over AI use, reducing risks associated with fragmented systems. As organizations adopt AI more deeply in development, Coder.com emphasizes the need for a unified governance model.

https://itbrief.co.uk/story/coder-unveils-ai-governance-tools-for-developers

Amazon’s New AI Can Code for Days Without Human Help. What Does That Mean for Software Engineers?

Amazon announced “frontier agents,” advanced AI systems capable of autonomously coding for hours or days, at its re:Invent conference. These agents—Kiro for software development, AWS Security Agent for security, and AWS DevOps Agent for IT operations—aim to automate the entire software development lifecycle with persistent memory, independent decision-making, and collaborative capabilities across tasks. Unlike existing tools, frontier agents learn from ongoing projects and can manage multi-repo changes simultaneously. While concerns about job impacts arise, Amazon emphasizes these tools enhance rather than replace human engineers, encouraging new practices and faster project completions. The company believes these agents can be applied beyond coding to various fields.

https://venturebeat.com/ai/amazons-new-ai-can-code-for-days-without-human-help-what-does-that-mean-for

Vibe Coding Feels Magical, but It Can Sink Your Business Fast

Vibe coding simplifies programming by allowing users to code in plain English, but it puts quality and security at risk because the resulting code often lacks rigorous review. While useful for startups, it can lead to technical debt, inconsistent code quality, and vulnerabilities. Experts warn that businesses need structured coding practices, as reliance on AI-generated code without proper oversight can result in significant long-term issues.

https://www.zdnet.com/article/vibe-coding-feels-magical-but-it-can-sink-your-business-fast-heres-how/

AI Is Rewriting How Software Is Built and Secured

AI is transforming software development and security, with a report revealing widespread adoption of AI-generated code among organizations. While most use AI coding assistants, only 19% have clear visibility of their AI usage, increasing security risks. Shadow AI—unapproved tools used by employees—exposes organizations to vulnerabilities due to lack of oversight. Despite productivity boosts, 65% report heightened risks, prompting security teams to enhance governance. There’s a push towards converging application security practices for better risk management, indicating a need for balance between innovation and security.

https://www.helpnetsecurity.com/2025/11/10/ai-product-security-report/

AI and Cybersecurity

A report from Aikido reveals that AI-generated code is introducing serious security vulnerabilities, with nearly seven in ten organizations having discovered such flaws and one in five reporting major incidents. Responsibility for these issues is unclear, as it is split among security teams, developers, and vendors, and the growing reliance on automated tools is exacerbating the problem. As more junior coders depend on AI, crucial human expertise is being lost, raising concerns about “dumbing down” the developer workforce. CISOs warn that organizations should focus on basic security hygiene and critical thinking while resisting the temptation to trust AI blindly, as the technology can amplify existing mistakes if not managed carefully.

https://diginomica.com/ai-and-cybersecurity-ciso-warns-blight-losing-skills-vibe-coding-where-does-your-code-come-ai-so-it

GitHub’s Agent HQ Aims to Solve Enterprises’ Biggest AI Coding Problem: Too Many Agents, No Central Control

GitHub launched Agent HQ, a platform for managing multiple AI coding agents from various vendors, aimed at improving enterprise control and security. It centralizes coding tools within GitHub, supports custom agents with version control, and implements a unified interface called Mission Control. The system allows for granular permissions across repositories while maintaining security standards. Key features include Plan Mode for project collaboration and an agentic code review process using GitHub's CodeQL engine. Enterprises can adopt custom agent guidelines to standardize coding practices without sacrificing flexibility in tool usage.

https://venturebeat.com/ai/githubs-agent-hq-aims-to-solve-enterprises-biggest-ai-coding-problem-too

Salesforce Launches Enterprise Vibe-coding Product, Agentforce Vibes

Salesforce launched Agentforce Vibes, an AI-powered developer tool for vibe-coding that automates coding using natural language. It connects to existing Salesforce accounts for rapid app development with security and governance. The tool includes an AI agent, Vibe Codey, and aims to simplify development processes. Salesforce provides the tool for free, with future pricing plans expected. Vibe-coding is gaining popularity amid significant startup interest despite high operational costs.

https://techcrunch.com/2025/10/01/salesforce-launches-enterprise-vibe-coding-product-agentforce-vibes/
