Product Updates

Adopting GenAI responsibly: Sema's approach

Apr 9, 2024
min read

Right now, the highest caliber engineering organizations are figuring out how to integrate GenAI, particularly coding tools like Copilot and OpenAI, into their software development lifecycles (SDLCs). Over the last few months, we’ve been working hand-in-hand with leading organizations to take these first steps with our SaaS risk mitigation platform, AI Code Monitor (AICM).

Here’s how we’re helping our customers make smart, compliance-aware decisions, to implement GenAI into engineering workflows, with a higher degree of trust, transparency, and efficacy.

The problem we’re solving for

Used unwisely, AI tools have the potential to cause irreparable, long-term issues. Will AI code make it harder for a company to get IP protections? What about ethical issues like bias? As regulations take shape, will CTOs run into technical debt that slows down progress?

Often, these problems become evident when the damage is already done. 

Despite these challenges, the biggest risk of all is not adopting AI code. GenAI is known to help with prototyping, testing, automating repetitive tasks, error detection, cross-language code translation, learning, and creativity. Not allowing it — or actively planning for its strategic utilization — is impractical.

The key to being successful with GenAI code is to know, exactly, what you’re getting into so that you can build the optimal protocols for responsible and trustworthy deployment.

How AI Code Monitor helps

AICM helps engineering teams take meaningful steps towards implementing GenAI code into engineering workflows. That process involves:

  • Helping engineering leaders introduce AI coding tools to the SDLC with a compliance-aware perspective
  • Building a foundation for IP protection so issues don’t wreak havoc (i.e. during an M&A event)
  • Creating practical pathways for AI code adoption.
  • Knowing where and how developers are using GenAI code, perhaps in a way that isn’t compliant, within existing workflows.
  • Getting ahead of technical debt by illuminating exactly where, why, and how engineers are using AI code.

Key features

AI Code Monitor helps you see how GenAI code is being implemented in your codebase. Key features include:

  • Rapid assessment for pure vs. blended code. Quickly detect, from your dashboard, how much code was created in part or in full by GenAI (i.e. of 10% of code that was copy/pasted, you can see that 9% came from a human, and 1% was blended).
  • Developer-level metrics. Toggle to a developer view, so you can see how individual developers are using GenAI. The AICM dashboard now shows how much each developer is using GenAI, and if they are using GenAI, how much is Pure (copy and paste from the GenAI tool) vs. Blended (modified by the developer).
  • Fast documentation. Automatically generate a GenAI Bill of Materials (GBOM), when you need one. There are now three tabs to the GBOM: GenAI usage at the function level (subset of file), GenAI usage at the repository level (new), GenAI usage by the developer (new).

In addition, our team at Sema has built — and is continuing to build — a database of risks that identifies potential risks that organizations face when using GenAI. To date, we have aggregated 2,373 individual risks from 725 sources, which include actual law or regulation, a draft of a law or regulation, or a discrete risk factor. 

We can help you identify the risks that are highest to your organization that need a plan in place within 60 days.

How to utilize Sema

We are currently working with engineering teams who are as passionate as we are about the potential for GenAI code in the SDLC — and the need to do it wisely.

We love this quote published in a recent McKinsey research paper: 

“The generative AI payoff may only come when companies do deeper organizational surgery on their business.”

We are offering pilots consisting of a one-time codebase scan. That process involves implementing and test driving our solution for a specific engineering use case on your team. It takes 3-5 days to run your first codebase scan.

Let us know if you’re interested by filling out the contact form here or by reaching out to

Keeping track of global GenAI compliance standards 

Periodically, Sema publishes a no-cost newsletter covering new developments in Gen AI code compliance. The newsletter shares snapshots and excerpts from Sema’s GenAI Code compliance Database. Topics include recent highlights of regulations, lawsuits, stakeholder requirements, mandatory standards, and optional compliance standards. The scope is global.

You can sign up to receive the newsletter here.

About Sema Technologies, Inc. 

Sema is the leader in comprehensive codebase scans with over $1T of enterprise software organizations evaluated to inform our dataset. We are now accepting pre-orders for AI Code Monitor, which translates compliance standards into “traffic light warnings” for CTOs leading fast-paced and highly productive engineering teams. You can learn more about our solution by contacting us here.


Sema publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only. To request reprint permission for any of our publications, please use our “Contact Us” form. The availability of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.

Table of contents

Gain insights into your code
Get in touch

Are you ready?

Sema is now accepting pre-orders for GBOMs as part of the AI Code Monitor.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.