Secure Code Warrior launches AI adoption model for CISOs

Secure Code Warrior has launched an AI Adoption Model for software development, aimed at Chief Information Security Officers managing AI use across development teams.

The framework outlines three stages of AI use in software development: AI-Assisted, AI Native and Agentic. Each stage is tied to different levels of risk, developer training needs and governance controls as organisations expand their use of AI tools and autonomous systems in coding workflows.

The launch comes as companies face growing pressure to govern AI use in software engineering beyond traditional developer teams. Employees using no-code tools and so-called vibe coding approaches can also add to an organisation's software risk profile, even if they are not trained engineers.

Research cited from Gartner's 2026 Hype Cycle for Secure Software Engineering says AI-augmented development is "expanding the attack surface faster than traditional controls can scale", while AI coding tools are making secure coding skills more important.

Secure Code Warrior is positioning the framework as a way for security leaders to assess current AI adoption, align training to that level and decide which controls should be in place. The structure is intended to help security teams track risk amid what the company describes as a shift from the Software Development Lifecycle to an Agentic Development Lifecycle.

Three phases

In the first stage, AI-Assisted, developers use AI in a limited supporting role. The next stage, AI Native, reflects deeper integration of AI into development work, while the final Agentic phase covers more autonomous orchestration of software tasks.

The framework is intended to give CISOs a practical starting point rather than treating AI use as a single category. That distinction matters because organisations are adopting AI unevenly, with some teams experimenting cautiously and others moving towards systems that can carry out broader development functions with less human intervention.

For security leaders, one challenge is linking the spread of AI coding tools to measurable controls and spending decisions. The framework is designed to support data-led decisions on risk, training and governance, especially as boards and technology leaders face closer scrutiny over the cost and oversight of AI projects.

Another issue is the failure rate of projects that lack controls. Gartner has predicted that by 2027 more than 40% of agentic AI projects will be abandoned because of uncontrolled costs and poor risk controls, according to figures cited by the company.

Security skills

Secure Code Warrior argues that the rise of AI in development changes the developer's role rather than removing responsibility for software security. That means companies need to rethink training as AI tools become more common in daily coding work.

"In our current AI-powered development, writing lines of code is almost free, but developers are still on the hook for secure outcomes. Their security skills need to evolve from code writer to creator & orchestrator," said Pieter Danhieux, Co-founder & Chief Executive Officer, Secure Code Warrior.

One of the model's main uses is to tailor training to how individual teams use AI. Rather than applying the same instruction across an organisation, businesses should map skills and learning needs to the stage of adoption and the degree of autonomy involved in development tasks.

That approach reflects a broader debate in the software sector over whether automated tools should be controlled mainly through technical safeguards or through stronger education for the people directing them. Secure Code Warrior argues that training developers to use AI correctly from the outset is a more effective way to reduce repeated vulnerabilities and manage costs than relying solely on additional layers of AI oversight.

Danhieux said the framework was built to address that governance challenge as software development methods change.

"CISOs need an approach to ADLC governance that is as modern as the methodology itself, one that follows an adoption model designed for agentic AI's evolving, adaptive approach to software development. We've built this framework to help organisations turn secure AI adoption and AI governance from a reactive exercise into a measurable, scalable discipline," said Danhieux.

The AI Adoption Model is now available as organisations seek clearer ways to measure where AI is being used in software development and what controls are needed as that use becomes more autonomous.