AI acceleration represents a ‘tectonic shift’ for DevSecOps
David DeSanto, chief product officer at GitLab, believes there’s still much more to come for AI use cases in DevSecOps


The recent acceleration in the artificial intelligence (AI) space represents a “tectonic shift” in DevSecOps and could herald a new era of efficiency and productivity for software developers, according to GitLab chief product officer David DeSanto.
Generative AI developments have been a source of great excitement across the global tech industry, DeSanto tells ITPro at KubeCon 2023, not least in software development and cyber security.
Within days of ChatGPT’s launch last November, devs the world over were fawning over the prospect of harnessing the tool in their daily workflows. The ability to generate and even test code proved tantalizing and appeared to be the silver bullet many had dreamt of.
How AI can power software development
DeSanto believes the industry is currently “at the precipice” of a revolution with regard to the practical implementation of AI within the software development lifecycle. That’s not to say AI or machine learning isn’t already being used in this regard, but the scale of potential is highly evident across the ecosystem.
This potential for improved productivity comes amid a period of troubling macroeconomic conditions that are prompting tightening purse strings and placing a strain on already stretched workforces. Simply put, AI tools could make or break how well teams work moving forward.
“I’ve been calling it a tectonic shift in how DevSecOps is done,” he says. “The reason I feel that way is that there are still many companies who struggle to get a large enough workforce to support what they want to do.
“If you can make your existing team members more effective, then you also make them more engaged, and by making them more engaged, they’re more likely to stay. You are now building a retention component within how you support your team.”
DeSanto points to code suggestions as an example, noting an AI-based support functionality within the development process could deliver significant benefits to both individuals and broader teams.
Last week, GitLab announced it had moved its own code suggestions functionality into open beta. The signs so far are promising, with indicators it’s led to efficiency gains as well as improving both quality of life and quality of performance among developers.
David DeSanto has been GitLab's chief product officer since December 2022, and leads the product organization, which focuses on providing a single platform for the DevSecOps lifecycle. DeSanto has been at GitLab since September 2019, first as senior director for product manager, then as VP product.
“Now you could have an intermediate developer, for example, functioning and performing like a senior developer,” he suggests.
Other potential use cases, such as leveraging AI to identify vulnerabilities, would also drastically improve efficiency throughout the development lifecycle and help streamline a notable pain point in the process.
“Those sorts of things are going to make everyone more effective, but also as a team, as a company. One of GitLab’s core tenets is that everyone can contribute. You’re truly going to make it everyone can contribute if you apply AI properly.”
How to implement AI in DevSecOps
GitLab’s own research correlates with what DeSanto tells ITPro about the increasing use – and potential – of AI tools in DevSecOps.
The company’s annual Global DevSecOps report, published today, finds nearly two-thirds (65%) of developers are now using AI or machine learning in testing processes, or expect to be doing so within the next three years.
Similarly, 62% of developers told the company they use AI or machine learning to check code. DeSanto notes this marks an increase from 51% last year. This, he says, highlights the fact developers view AI as a valuable tool within their proverbial kit.
DeSanto was keen to emphasize there are certain nuances within this shift in appetite toward AI tools, though. While research shows a notable increase in interest, he believes seniority plays a role in how receptive developers or security personnel may be toward this trend.
“It depends on the maturity of the developer in their career, or on their skillset in terms of the true impact [of AI tools],” he says. “A lot of the time, when it comes to improving developer productivity we see it tends to be newer developers who are getting almost like a coach to support them.
“But developers who are mature don’t have that same big thirst. They view it as a way to get things done faster and spend some of that saved time in code reviewing.”
DeSanto also suggests that, for teams seeking to leverage AI tools, it isn’t a case of deploy and relax. Deployment requires a concerted effort and razor-sharp focus across the enterprise to maximize the use of AI, or else it will merely amount to a poorly harnessed stack of tools that add little value.
“For AI to be effective, and for everyone to be effective as a result of this, it can’t just be applied to one part of the software development lifecycle,” he continues. “This is not just the developer, it’s everything involved in delivering software.
“GitLab is an enterprise DevSecOps platform, so obviously we’re focused on covering the entire development lifecycle. In our opinion, you can’t just apply AI to the developer experience and to developer efficiency, you’re not solving the whole problem.”
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.