Software development powered by AI

Generative AI ignited the scene with the introduction of ChatGPT in November 2022, which now has 400 million weekly active users (March 2025). Its ability to generate content through a simple prompt-based interface created many debates about where workflows might be disrupted but also where they might be enhanced.

Fast-forward to 2025, and the $250 billion DevSecOps industry (Application Development, Security, IT Operations), as sized by Gartner, is one where generative AI is proving it can work. More specifically, organizations are seeing 25–50% productivity gains when using AI code-generation tools. But the next evolution of AI is already here: Agentic AI, where agents can autonomously complete complex multi-step workflows. This should further accelerate the number of new applications being built. We believe AI is already being injected into nearly every DevSecOps workflow to drive efficiency.

Prior to ChatGPT, industry analysts (IDC) were already anticipating that 500+ million new applications would be created over the next several years. But with the rapid advancements of AI in DevSecOps, we believe 500+ million will be just the beginning. The increasing thirst for new digital experiences should create a demand tailwind for the leading infrastructure software businesses that have the most innovative tools to make this happen. 

AI will make many workflows across the DevSecOps toolchain more efficient. Software developers will be able to write code, test it, debug it and iterate it faster and easier. This should increase developer productivity meaningfully.

Some could argue that these productivity gains from AI will result in lower demand for the 37 million developers worldwide (IDC). But we don’t think it will play out like that. The ability to do more with less will lower the barriers to entry and allow more organizations to hire developers for digital transformations. This may not have been possible prior to the productivity enhancements created by AI. In fact, we believe AI will ultimately increase the number of developers needed, as the demand for applications that drive digital transformations rises, and industry analysts agree (IDC forecasts 57.8 million developers in 2028, 12% CAGR 2024–2028). Going further down the DevSecOps workflow to IT operations and security teams, AI should make data analysis, and problem identification and remediation, faster and easier too. 

The idea of being able to tell a DevSecOps AI tool to automatically write the code, improve it, deploy it and secure it is incredibly exciting. However, the use of AI in DevSecOps is still relatively new, with many risks to be aware of. We believe these risks fall into two main categories: (1) creating low-quality code and (2) mounting technical debt.

On code quality, the use of AI, and more specifically generative AI, could result in bad code quality that is susceptible to hackers. This is because the large language models (LLMs) that power generative AI code-generation tools are trained on publicly available code. Hackers could exploit this by planting malicious code in the public domain that ends up being embedded in private code. This malicious code can result in poor application performance or, even worse, a backdoor for hackers to exploit. Furthermore, if Agentic AI tools go rogue, this could cause unintended and unfixable problems.

From a technical debt perspective, AI’s ability to create code at much higher rates compared to humans could result in poor-quality code and fixes to be rapidly stacked on top of each other. In turn, the application could end up becoming a towering pyramid of bad code that is difficult to maintain and risky to use.

We believe most organizations are still learning how to use AI throughout application development, security and IT operations workflows. As learning moves to implementing new tools and processes, we believe demand for the leading DevSecOps software vendors will really start to take off. Smaller businesses may find that AI makes hiring DevSecOps teams more economical and also more necessary.  Larger businesses may find that DevSecOps teams are increasingly able to build more of the applications that they need. We expect 20%+ revenue growth for the most innovative vendors in the category over the next several years.