Generative Artificial Intelligence (GAI) is a new technology, and even though its capabilities are being thoroughly inspected and applied in different industries, it continues to develop intensively, bringing new types of risk into the software development domain. The emergence of a variety of large language models (LLMs) has led to changes at all stages of the Software Development Life Cycle (SDLC). Thus, the main objectives of the article are to identify and understand the potential risks associated with LLM-based software development and to identify the best approaches to mitigating those risks. The paper presents observations of common LLM-based software architectures, risks and their impact on traditional SDLCs, approaches to testing and software quality assessment, and an analysis of how LLMs have changed the software development industry. Widespread LLM-based application architectures already share a traditional set of components: a chatbot channel for interaction with users, a knowledge base that provides the appropriate context to the LLM, the components required for authentication and for secure knowledge processing and prompt access during a session, a retrieval-augmented generation (RAG) system, and evaluation modules. It is shown that integrating an LLM into software generates unique risks that require changes to the established SDLC at the level of architectural modifications, the evaluation system, and best practices for risk mitigation. Each component of an LLM-based system can generate specific risks at each SDLC stage. To identify and delineate risks more effectively, risk naming and description were considered, and the traditional risk taxonomy was updated with an LLM-based software taxonomy. It is worth noting that another stage has been added to the conventional SDLC, related to the selection and management of personnel. This is because GAI is a new technology and requires changes to the traditional composition of specialists. The risk examples shown in the paper are presented with risk identifiers that help locate the risk in a specific SDLC stage and connect it to other related risks. It is assumed that one risk has a minimum of 8 risk identifiers, which is equal to the 8 SDLC stages. The paper explains how each risk manifests in the different SDLC stages, as defined by subject matter experts (SMEs) from IT companies. Finally, some sets and concepts were formalized for future calculations and research on the identified risks.