Software Development in Transition: Mastering AI, Security and Regulation
Introduction
At the same time, risks across the entire software supply chain are growing, while new regulatory frameworks are defining how data and AI systems must be handled. Traditional development processes are reaching their limits. Leaders are challenged not only to recognise the opportunities and risks surrounding AI, security and regulation, but also to actively and proactively manage them.
AI as a Driver
With tools like GitHub Copilot or Tabnine, developers already have access to powerful AI assistants whose capabilities are evolving at high speed. Early and targeted adoption can offer major advantages by helping teams build experience and professionalise their use of AI. However, what matters most is purposeful use: it is not the number of tools that makes the difference, but their measurable impact on speed and quality. Blind actionism or fear of missing out can quickly lead to unnecessary costs and complexity.
A fascinating new area in modern software development is so-called Vibe-Coding. This approach enables intuitive, creative application design with a strong focus on user experience and interaction. Similar to how low-code platforms broadened access to software development in the past, Vibe-Coding provides a valuable complement to classic pro-code. However, it is not yet a complete replacement: for complex, highly individual requirements and maximum control, professional programming remains indispensable. Still, Vibe-Coding opens new creative possibilities and helps teams turn innovative ideas into tangible prototypes much faster.
Leadership in Focus: No Training, No Impact
Leaders must actively encourage and demand training and adoption. Without clear expectations and the right enablement, the potential of these tools remains unused. Equally important is solid governance: clear guidelines for data usage, prompt quality and traceability ensure that AI results remain reliable and trustworthy.
Used correctly, AI can become a competitive advantage. It enables faster releases, more stable quality and frees capacity for innovation. Poorly adopted, it only adds cost and reduces quality. The key is structured, measurable and responsible use.
Supply Chain Security as a Necessity
Modern software is built from numerous components, many of which originate from third parties. They provide enormous value by offering proven functionality and allowing teams to focus on the differentiating parts of their applications. Unfortunately, platforms like npm and NuGet are increasingly targeted by attackers, as their vast number of packages creates an attractive entry point for supply-chain attacks; a single compromised code fragment can put entire systems at risk (as seen in the well-known Log4j and SolarWinds incidents).
A Software Bill of Materials (SBOM) and digital signatures are essential tools to verify component origins and ensure that nothing unknown slips into your software. When new vulnerabilities are published, organisations can immediately assess whether their systems are affected and what countermeasures are required.
Decision-makers must set clear guidelines for third-party components, invest in suitable security tools and conduct regular audits.
With a transparent, controlled supply chain, teams can harness the full potential of modern package repositories while remaining able to respond quickly to newly discovered vulnerabilities.
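The assessment described above, matching the components recorded in an SBOM against newly published advisories and flagging components whose origin cannot be verified, can be automated. The following is an added example, not code from the original article or from any SBOM tool: it parses a constructed, minimal CycloneDX-style SBOM, compares each component against a constructed advisory list using OSV-style "introduced/fixed" version ranges, and reports both the affected components and those recorded without a hash. All package names, versions, digests and advisory IDs are invented placeholders, and the version comparison assumes plain numeric "major.minor.patch" strings.

```python
import json
from typing import Optional

# Constructed, minimal CycloneDX-style SBOM. Package names, versions and the
# hash values are invented placeholders, not real packages or digests.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http-client", "version": "2.3.1",
     "purl": "pkg:npm/example-http-client@2.3.1",
     "hashes": [{"alg": "SHA-256", "content": "PLACEHOLDER-DIGEST-1"}]},
    {"type": "library", "name": "example-json-parser", "version": "1.8.0",
     "purl": "pkg:npm/example-json-parser@1.8.0",
     "hashes": [{"alg": "SHA-256", "content": "PLACEHOLDER-DIGEST-2"}]},
    {"type": "library", "name": "Example.Logging", "version": "4.1.0",
     "purl": "pkg:nuget/Example.Logging@4.1.0"}
  ]
}"""

# Constructed advisory feed using OSV-style ranges: versions >= introduced
# and < fixed are vulnerable; fixed = None means no fixed release exists yet.
# Advisory IDs are placeholders.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "ecosystem": "npm", "name": "example-http-client",
     "introduced": "2.0.0", "fixed": "2.3.2"},
    {"id": "EXAMPLE-ADV-0002", "ecosystem": "npm", "name": "example-json-parser",
     "introduced": "1.0.0", "fixed": "1.7.5"},
    {"id": "EXAMPLE-ADV-0003", "ecosystem": "nuget", "name": "Example.Logging",
     "introduced": "4.0.0", "fixed": None},
]


def parse_version(version: str) -> tuple:
    """Turn 'major.minor.patch' into a comparable tuple of ints (assumption:
    plain numeric versions, no pre-release or build suffixes)."""
    return tuple(int(part) for part in version.split("."))


def version_in_range(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True when introduced <= version < fixed (open-ended if fixed is None)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def load_components(sbom_json: str) -> list:
    """Extract ecosystem, name, version, purl and hash presence per component.
    The ecosystem is taken from the purl type ('pkg:npm/...' -> 'npm')."""
    components = []
    for comp in json.loads(sbom_json).get("components", []):
        purl = comp.get("purl", "")
        ecosystem = purl[len("pkg:"):].split("/", 1)[0] if purl.startswith("pkg:") else ""
        components.append({
            "purl": purl,
            "ecosystem": ecosystem,
            "name": comp["name"],
            "version": comp["version"],
            "has_hash": bool(comp.get("hashes")),
        })
    return components


def find_affected(components: list, advisories: list) -> list:
    """Return one finding per (component, advisory) pair whose ecosystem and
    name match and whose version falls inside the vulnerable range."""
    findings = []
    for comp in components:
        for adv in advisories:
            same_package = (comp["ecosystem"] == adv["ecosystem"]
                            and comp["name"].lower() == adv["name"].lower())
            if same_package and version_in_range(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({"purl": comp["purl"], "advisory": adv["id"], "fixed": adv["fixed"]})
    return findings


def find_unverifiable(components: list) -> list:
    """Components recorded without any hash cannot be tied to a known artifact,
    so their origin cannot be verified from the SBOM alone."""
    return [c["purl"] for c in components if not c["has_hash"]]


if __name__ == "__main__":
    comps = load_components(SBOM_JSON)
    for f in find_affected(comps, ADVISORIES):
        fix = f["fixed"] or "no fixed version published"
        print(f"AFFECTED  {f['purl']}  {f['advisory']}  fix: {fix}")
    for purl in find_unverifiable(comps):
        print(f"NO HASH   {purl}  (origin not verifiable from SBOM)")
```

In practice the advisory list would come from a feed such as OSV or the package registry's own advisory database, and the same matching would run whenever a new advisory arrives, so the "are we affected?" question is answered from the inventory rather than by searching build files by hand.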
Regulation as a Framework
In parallel with technological developments, regulatory requirements are becoming stricter. The EU AI Act and the Cyber Resilience Act oblige companies to make the use of AI and software supply chains transparent, secure and accountable. Authorities in Switzerland are increasingly aligning with these standards. International norms also play a key role: ISO 27001 and ISO 27034 provide established foundations for information and application security, while ISO 5338 introduces initial guidelines for trustworthy AI lifecycle management.
For organisations, this means they must not only build functioning systems but also document and demonstrate their security, reliability and fairness. This includes transparent decision-making processes in AI models, protection of sensitive data and active vulnerability management. When implemented well, regulation does not just ensure compliance—it builds trust with customers, partners and regulators.
Conclusion
Only those who follow a structured approach can unlock the opportunities of Artificial Intelligence, supply-chain security and regulatory requirements while managing the associated risks. For companies, the following action points emerge:
- Promote targeted AI adoption
Introduce tools like GitHub Copilot deliberately, measure their value and train employees in safe usage.
- Establish governance
Define and enforce clear guidelines for tool usage, data handling and traceability.
- Secure the supply chain
Make SBOMs mandatory and automatically scan new libraries for vulnerabilities.
- Integrate regulatory requirements
Use established standards as guardrails, plan compliance early and treat documentation as an integral part of development.
Companies that implement these steps consistently will not only achieve security and compliance, but also gain speed, quality and trust.