> First, this is a great reply with lots of real world experience to share.

I know how they came about with this setup, but I think that's the wrong way of approaching the problem.

Their problem is legacy and trickle-in features in otherwise unmaintainable code.

With AI, they can rewrite their software to minimize dependencies and in general reduce the attack surface by allowing the business to automate more on their own.

But it requires bold management decisions and people in positions of authority that can pick the right battles for the advancement of their careers.

Of course, all the generated code has to be reviewed and vetted by a senior developer. Of course, this has to be re-done every now and then when new classes of vulnerabilities appear that the previous generation didn't have in mind.

Or do you just trust the AI that was trained on a lot of bogus code?