Application Security
,
Artificial Intelligence & Machine Learning
,
Events
Daniel Kennedy on Gen AI, Code Remediation and Misplaced Faith in Endpoint Tools
Security professionals are showing growing enthusiasm for generative artificial intelligence, particularly in areas such as application security, security operations and code remediation, said Daniel Kennedy, principal research analyst for information security channel at S&P Global Market Intelligence.
See Also: How Generative AI Enables Solo Cybercriminals
Developers are not only open to AI-generated code fixes but are gaining enough confidence to automate more of the process as results improve, Kennedy said. “When we ask the question, the majority of folks say, ‘Yes, we are willing to accept code fixes from an AI.’ They still want to review them, but we can even start to get past that when the human loop sees that the AI is doing it correctly a number of times,” Kennedy said.
Despite better tools, ransomware defenses are faltering because of overconfidence in tools. While fewer organizations report being hit by ransomware, a growing share of those that are hit end up paying, Kennedy said. This gap reveals misplaced trust in endpoint protection, he said.
In this video interview with Information Security Media Group at RSAC Conference 2025 Kennedy discussed:
- How generative AI tools are accelerating AppSec code remediation workflows;
- Why security teams are increasingly comfortable trusting AI-driven fixes;
- What rising ransom payments reveal about tool overconfidence and risk miscalculation.
Kennedy, who leads research for the information security channel at S&P Global Market Intelligence, created and leads the Voice of the Enterprise: Information Security quantitative research product, which provides an end-user point of view on an array of information security topics.