AI-Driven Code Surge Is Forcing a Rethink of AppSec

In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace.

AI is changing how software is built at a pace the industry never imagined. According to Jason Schmitt, CEO of Black Duck, this is creating a security challenge that traditional approaches can’t keep up with, as he explains in this Dark Reading News Desk interview. Organizations are now producing “10 to 20 times more software than even a year ago,” making it impossible for legacy tools to scale. At the same time, AI is expanding the attack surface, making it easier for adversaries to exploit vulnerabilities.



Schmitt calls this moment the “third wave of application security,” moving beyond manual review and DevOps integration into an AI-driven model built for speed and scale. While AI contributes to the problem, it’s also key to solving it. “It’s apps plus,” Schmitt says, emphasizing how AI enhances existing tools rather than replacing them. When embedded into development workflows, AI can analyze large codebases, uncover business logic flaws, and enable continuous, autonomous security processes with less friction for developers.

For Schmitt, the bigger misconception is that AI weakens application security. Instead, he sees it as essential to keeping pace with an expanding attack surface, enabling organizations to move toward continuous, intelligent security. Schmitt is CEO of Black Duck Software, an application security market leader formerly known as the Software Integrity Group and recently carved out of Synopsys, Inc. The company’s portfolio has been recognized as a Leader in the Gartner® Magic Quadrant™ for Application Security Testing for seven consecutive years.
 