AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities – Mo Aboul-Magd, Brian Fox, Mark Lambert, Shahar Man – ASW #332
ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings together conversation and context to help AppSec, developers and security teams cut through the noise, prioritize risks, and make faster, smarter decisions across code, cloud, and infrastructure. Built into the ArmorCode ASPM Platform and backed by 25B findings, 285+ integrations, natural language intelligence, and role-aware insights, Anya turns complexity into clarity, helping teams scale securely and close the security skills gap.
Anya is now generally available and included as part of the ArmorCode ASPM Platform. Visit https://securityweekly.com/armorcodersac to request a demo!
As "vibe coding", the practice of using AI tools with specialized coding LLMs to develop software, is making waves, what are the implications for security teams? How can this new way of developing applications be made secure? Or have the horses already left the stable?
Segment Resources: https://www.backslash.security/press-releases/backslash-security-reveals-in-new-research-that-gpt-4-1-other-popular-llms-generate-insecure-code-unless-explicitly-prompted https://www.backslash.security/blog/vibe-securing-4-1-pillars-of-appsec-for-vibe-coding
This segment is sponsored by Backslash. Visit https://securityweekly.com/backslashrsac to learn more about them!
The rise of AI has largely mirrored the early days of open source software. With rapid adoption amongst developers who are trying to do more with less time, unmanaged open source AI presents serious risks to organizations. Brian Fox, CTO & Co-founder of Sonatype, will dive into the risks associated with open source AI and best practices to secure it.
Segment Resources: https://www.sonatype.com/solutions/open-source-ai https://www.sonatype.com/blog/beyond-open-vs.-closed-understanding-the-spectrum-of-ai-transparency https://www.sonatype.com/resources/whitepapers/modern-development-in-ai-era
This segment is sponsored by Sonatype. Visit https://securityweekly.com/sonatypersac to learn more about Sonatype's AI SCA solutions!
The surge in AI agents is creating a vast new cyber attack surface with Non-Human Identities (NHIs) becoming a prime target. This segment will explore how SandboxAQ's AQtive Guard Discover platform addresses this challenge by providing real-time vulnerability detection and mitigation for NHIs and cryptographic assets. We'll discuss the platform's AI-driven approach to inventory, threat detection, and automated remediation, and its crucial role in helping enterprises secure their AI-driven future.
To take control of your NHI security and proactively address the escalating threats posed by AI agents, visit https://securityweekly.com/sandboxaqrsac to schedule an early deployment and risk assessment.
Mohammed is VP of Product for SandboxAQ’s cybersecurity group, where he drives the development of innovative security solutions. Prior to SandboxAQ, he served as VP of Product at Snyk, the industry-leading developer security platform, where he led the launch of Snyk Code—an AI-powered SAST product that rapidly achieved $100M in ARR. He has also held a product leadership role at Akamai, leading their Edge Computing platform. Mohammed earned his degree in Computer Systems Engineering from Carleton University in Ottawa, Canada.
Brian Fox, CTO and co-founder of Sonatype, is a Governing Board Member for the Open Source Security Foundation (OpenSSF), a Governing Board Member for the Fintech Open Source Foundation (FINOS), a member of the Monetary Authority of Singapore Cyber and Technology Resilience Experts (CTREX) Panel, a member of the Apache Software Foundation and former Chair of the Apache Maven project. Brian has over 20 years of experience driving the vision behind, as well as developing and leading the development of software for organizations ranging from startups to large enterprises.
Mark Lambert is the Chief Product Officer for ArmorCode, a leading AI-powered application security posture management (ASPM) provider. Mark has built products for more than 20 years, and helped organizations streamline the delivery of secure, reliable and compliant software applications across the enterprise, embedded and IoT markets.
Prior to ArmorCode, he held product leadership positions with Parasoft, Advanced Visual Systems (AVS) and more. Mark holds a bachelor’s and master’s degree in computer science from Manchester University, UK.
Shahar Man is a seasoned technology leader with deep experience in engineering, AppSec, DevOps and product management. As the co-founder and CEO of Backslash Security, he is dedicated to transforming application security by integrating business and security context into cloud-native risk management. Previously, Man held leadership roles at Aqua Security and SAP, where he spearheaded strategic cloud and DevOps initiatives.
Identiverse 2025 is returning to Las Vegas, June 3-6. Hear from 250+ expert speakers and connect with 3,000+ identity security professionals across four days of keynotes, breakout sessions, and deep dives into the latest identity security trends. Plus, take part in hands-on workshops and explore the brand-new Non-Human Identity Pavilion. Register now and save 25% with code IDV25-SecurityWeekly at https://www.securityweekly.com/IDV2025