The assumption that an LLM can do the work for you is fundamentally wrong. Those are tools that are extremely useful in the hands of those who are literate but extremely dangerous if used by people that just copy and paste the output without understanding the implications.
Small companies that don't have robust DevSecOps procedures risk having insecure infra/code shipped in production with disastrous consequences on several levels: it exposes the company, it's data or, worse, the customers info.
Big companies are potentially exposed too, as the good old school devs are progressively becoming cloud engineers, creating their own resources with Terraform and the like, they are increasingly autonomous and can do real damage if proper guardrails or security measures are not put in place. You would be amazed to discover how many well known multinationals still have a less than ideal security system.
Other factor to consider is also the cost of running code that is simply not optimised, wasting CPU cycles for nothing, integrating resources, APIs and what have you that are simply unnecessary. An LLM might spit out something that will seemingly "run" but how can you tell if it hasn't tried to reinvent the wheel in a stupid way, where a code-literate person could have leveraged well established frameworks and have a properly architected service?
With that being said I still think that, sadly, lots of young, aspiring developers or even people that never coded in their life, might fall for the trap and we'll see the emergence of an avalanche of truly non sensical code being deployed. This will be indeed an opportunity for cybersecurity experts.
#CyberSecurity #DevSecOps #AI #LLM #CloudComputing #CodingWisely