We ❤️ Open Source

A community education resource

Navigating AI risks in software development: The impact on security and your supply chain

Watch this video to learn how supply chain security is evolving with AI and discover Minder, a new open source project.

Craig McLuckie, co-founder and CEO of Staklok, sat down with the All Things Open team to share his expertise on the evolving role of AI in developer workflows and security. With his deep background in Kubernetes and open source communities, Craig discusses how generative AI models are changing development practices. He highlights the shift from traditional code searching to AI-driven code generation, which his boosting productivity, but also introducing new security challenges, as malicious actors can potentially exploit AI to inject harmful code into environments.

Subscribe to our All Things Open YouTube channel to get notifications when new videos are available.

“Generative AI is fundamentally changing the way developers work, but it’s also introducing new challenges—hackers are now able to use AI to produce and deploy malicious code, which requires a complete rethinking of how we approach security.” — Craig McLuckie

Craig also dives into the limitations of relying solely on CVEs (Common Vulnerability Exposures) for security. As AI-powered tools become more prevalent, hackers are using these same models to create and deploy malicious code, which demands a new approach to securing the software supply chain. He stresses the need for organizations to go beyond CVEs and adopt a broader, more proactive strategy to mitigate evolving threats.

Automate and streamline security policy enforcement with Minder

Additionally, Craig introduces Minder, an open source tool developed by Staklok, designed to help organizations manage security policies across their software development lifecycle (SDLC). By using Minder, teams can automate security best practices and create reconciliation loops to reduce vulnerabilities, making it easier to maintain secure codebases.

Key takeaways

  • AI is reshaping developer workflows by providing code suggestions, but it also creates new security risks that require proactive management.
  • Security strategies must go beyond CVEs, addressing the risks of AI-generated code and securing the entire software supply chain.
  • Minder is a powerful open source tool for automating security policy enforcement across the SDLC and enhancing supply chain security.

Conclusion

Craig’s insights underscore the dynamic intersection of AI and security, urging developers to adapt to rapid changes. His call to action is clear: The open source community is a powerful resource. By exploring tools like Minder and connecting with peers, developers can better secure their environments and continue to innovate.

More from We Love Open Source

About the Author

The ATO Team is a small but skilled team of talented professionals, bringing you the best open source content possible.

Read the ATO Team's Full Bio

The opinions expressed on this website are those of each author, not of the author's employer or All Things Open/We Love Open Source.

Want to contribute your open source content?

Contribute to We ❤️ Open Source

Help educate our community by contributing a blog post, tutorial, or how-to.

Join us next year for All Things Open 2025!

Be sure to save the date for All Things Open 2025: Sunday, October 12 through Tuesday, October 14.

Open Source Meetups

We host some of the most active open source meetups in the U.S. Get more info and RSVP to an upcoming event.