Home / Our thinking / Insights / What you need to know when integrating generative AI in the SDLC
What you need to know when integrating generative AI in the SDLC

Table of contents
Adopt GenAI in the SDLC? Start with these five key lessons.
Generative AI (GenAI) is transforming software development. Google’s CEO recently revealed that AI generates up to 30% of their code. 72% of developers are also incorporating tools such as ChatGPT and GitHub Copilot into their workflows.
GenAI brings tangible benefits across the Software Development Life Cycle (SDLC) - faster delivery, enhanced productivity and better code quality. But as adoption grows, so do the lessons.
We spoke with Loan Pham, Vietnam Operations Director, and George Lynch, Director of Technology and Solutions at NashTech, to explore what’s delivering value, and what’s not. Their insights reveal five critical lessons every technology leader should know before embedding GenAI into the SDLC.
1. Governance must come before adoption
Some generative AI tools use your code and prompts to train their models. If you’re not careful, you could be handing over sensitive client data or proprietary IP without meaning to. For any organisation dealing with confidential information, that’s a compliance nightmare waiting to happen.
“Our biggest challenge wasn’t adoption, it was responsible adoption,” said Loan Pham. “We had to proactively define what ‘good use’ looked like before implementation. That meant setting clear policies from the start and reinforcing them consistently, so our teams knew how to use these tools safely - not just to protect our clients’ data, but our own.”
How do you create space for experimentation without compromising on risk?
Implement a strong governance model, covering everything from GenAI tool selection to the people using it. For example, at NashTech governance included:
- Security-first tool selection – prioritising solutions that meet strict security requirements
- GenAI-specific usage policies – building guidelines that reduce the risks of AI in the SDLC
- Developer enablement – delivering regular training on secure prompting, privacy and IP protection
- Baked-in guardrails – integrating tools like SonarQube and Software Composition Analysis (SCA) to catch vulnerabilities and flag low-quality code
- Shared accountability – emphasising that GenAI can help, but developers always own the final output
“Even if the code is generated by AI, the developer still owns it - owns the quality, the correctness and the consequences. Developers must understand that typing a prompt doesn’t absolve them of accountability. You can’t say ‘AI did it’ and walk away.”
George Lynch, Director of Technology and Solutions at NashTech.
Lesson learnt and how to apply it
Governance can’t be an afterthought. Start from day one, choosing secure GenAI tools and setting clear usage guidelines. And no matter how smart GenAI gets, your developers are still on the hook for the final output. That means reviewing the code, sense-checking the results and completing peer-reviews.
2. Productivity must be measured and not assumed
While developers may feel more productive with GenAI, quantifying its actual benefits is harder. In fact, 68% of organisations report they have yet to quantify the impact of GenAI on their business.
Without clear performance metrics across the SDLC, it’s impossible to prove legitimate ROI or pinpoint exactly where GenAI is providing efficiency.
"Translating GenAI into quantifiable gains requires a deliberate benchmarking strategy", said Loan Pham, Vietnam Operations Director at NashTech.
Setting up a benchmarking strategy
The key is to understand the full nature of your work across the Software Development Life Cycle. Start by reviewing past performance, both in terms of quality and quantity, and ask: can we benchmark against this? Metrics will vary by project, but consistency is critical.
Use the same measurements before and after introducing generative AI into the SDLC to ensure a fair comparison.
For example:
- Velocity
- Effort per user story
- Story points per sprint
Lesson learnt and how to apply it
If you can’t answer how much your GenAI tool is improving efficiency, something's wrong. To get real value, you need solid, consistent data. Define success early. Choose clear, quantifiable metrics. Track them relentlessly. Then can you confidently identify where generative AI in software development is driving value.
3. Use cases matter a lot
GenAI is powerful, but it’s no panacea. Its effectiveness depends on your use case. Are you starting from scratch (greenfield) or working with an existing, complex codebase (brownfield)?
That distinction matters.
In greenfield projects, NashTech saw productivity gains of up to 30% using tools like GitHub Copilot. But in more specialised or complex use cases, like legacy code or frontend UI work, it showed minimal impact.
“We used GitHub Copilot on a project involving very complex SQL queries. Copilot is great for general code generation, but it didn’t help much with that specific use case, so the benefit was close to zero”, shared Loan Pham, Vietnam Operations Director at NashTech.
Lesson learnt and how to apply it
GenAI is a high-impact tool, but only when matched to the right task. Be strategic in how and where you use it. Understand the complexity of the task, phase of the SDLC you’re in, how experienced your team is with GenAI and whether the problem is one GenAI is suited to solve.
4. Choose GenAI tools strategically
What does success in the SDLC actually look like? Defining that upfront is essential to choosing the right GenAI tool.
- Map out your desired outcomes across each phase of the SDLC
- Work backwards to identify which tools are best suited to support those goals
- Communicate with development teams and understand their workflows
- Align GenAI tools to specific stages of the lifecycle
“It’s vital to align the tool with the nature of the work. We started by identifying what we needed at each SDLC stage,” explained Loan. “Then we looked at the top tools in the market and compared their features, data security, cost and support. We shortlisted three to five tools, ran test experiments and then selected the best performers for real project pilots.”
Remember, the right tool today might not be the right tool tomorrow. With new tools emerging everyday, your strategy must be adaptable. “It’s about using the right tool at the right time. But staying adaptable is just as crucial. This space is evolving so fast that you may need to re-evaluate your tools every six to twelve months.” – George Lynch, Director of Technology and Solutions at NashTech |
Think about training data
Another important consideration is the source of the GenAI tool's training data. What is the model trained on?
If it's pulling from open-source code that hasn't been reviewed, there could be quality or security issues. But if it's trained on validated, high-quality code you get a much more trustworthy foundation.
For organisations with a proven history of high-quality code, using your own code can offer a significant competitive edge. NashTech, for example, consistently benchmarks its code to ensure it meets high quality standards. Learn more about how we do this.
Lesson learnt and how to apply it
Evaluate GenAI tools with the same scrutiny you would apply to core infrastructure. Look at security, scalability, vendor maturity and the quality of their training data. Don’t back one horse and stick with it forever. Be ready to switch when innovation demands it.
5. Build developer confidence and trust
The best GenAI tools in the world won’t matter if your developers don’t use them. Many developers may have concerns about job displacement or how AI fits into existing workflows.
“Some worry AI might replace them,” recalled Loan Pham. “We reframed that narrative quickly - GenAI is here to extend human capacity, not reduce it.”
Nail down the narrative to your developers: GenAI is an assistant that accelerates delivery, reduces mental load and frees up time for more high-value work.
“This shift in mindset made a significant difference. After investing in the right training, implementing security protocols and giving teams space to experiment, adoption grew organically. By the end of our pilot, developers were not just using the tools, they were asking to keep them”, shared George Lynch, Director of Technology and Solutions at NashTech.
Lesson learnt and how to apply it
Developer trust is earned. For lasting adoption, lead with transparency, arm your teams with the right skills and position GenAI as a co-worker that makes developers' lives easier.
The future of software development with GenAI
Generative AI (GenAI) will shape the future of software development, becoming as ubiquitous as Excel or Word in the workplace. By following these lessons, IT leaders can effectively integrate GenAI into the SDLC, enhancing productivity and efficiency.
Want to learn more insights from our pilots of GenAI in the SDLC? Unlock insights taken from our firsthand experience here.