Go offline with the Player FM app!
Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323
Manage episode 473192879 series 2086045
LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss LLMs as a tool. It means appsec should understand how things like context windows might limit a tool's security analysis to a few files, leaving a security architecture review to humans.
Segment resources:
- https://securing.dev/posts/ai-security-reasoning-and-bias/
- https://seclists.org/dailydave/2025/q1/0
- https://arxiv.org/pdf/2409.16165
- https://arxiv.org/pdf/2410.05229
- https://nicholas.carlini.com/writing/2025/thoughts-on-future-ai.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-323
352 episodes
Manage episode 473192879 series 2086045
LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss LLMs as a tool. It means appsec should understand how things like context windows might limit a tool's security analysis to a few files, leaving a security architecture review to humans.
Segment resources:
- https://securing.dev/posts/ai-security-reasoning-and-bias/
- https://seclists.org/dailydave/2025/q1/0
- https://arxiv.org/pdf/2409.16165
- https://arxiv.org/pdf/2410.05229
- https://nicholas.carlini.com/writing/2025/thoughts-on-future-ai.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-323
352 episodes
All episodes
×
1 Checking in on the State of Appsec in 2025 - Janet Worthington, Sandy Carielli - ASW #338 1:07:15

1 Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337 38:26

1 How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336 1:01:18

1 Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335 1:08:00

1 Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334 1:09:09

1 AIs, MCPs, and the Acutal Work that LLMs Are Generating - ASW #333 39:06

1 AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332 1:04:35

1 Appsec News & Interviews from RSAC on Identity and AI - Rami Saas, Charlotte Wylie - ASW #331 1:01:48

1 Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330 1:09:38

1 AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Vishal Gupta, Idan Plotnik - ASW #329 1:03:03

1 Secure Designs, UX Dragons, Vuln Dungeons - Jack Cable - ASW #328 44:08

1 Managing Secrets - Vlad Matsiiako - ASW #327 1:03:03

1 More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326 1:14:45

1 In Search of Secure Design - ASW #325 1:07:36

1 Avoiding Appsec's Worst Practices - ASW #324 1:11:19
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.