The Upsides and Downsides of LLM-Generated Code – Chris Wysopal – ASW #364
Developers are adding LLMs to their code creation toolboxes, using them to assist with writing and reviewing code. Chris Wysopal talks about the security downsides of relying on LLMs and how appsec needs to adapt to dealing with more code at a faster pace.
Resources
Chris Wysopal is Chief Technology Officer and co-founder at Veracode. He oversees technology strategy and information security. Prior to co-founding Veracode in 2006, Chris was vice president of research and development at security consultancy @stake, which was acquired by Symantec. In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. He has testified to the US Congress on the subjects of government security and how vulnerabilities are discovered in software. Chris received a BS in computer and systems engineering from Rensselaer Polytechnic Institute. He is the author of The Art of Software Security Testing.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Mike Shema
- Detect Go’s silent arithmetic bugs with go-panikint – The Trail of Bits Blog
- What do people love about Rust?
- no strcpy either | daniel.haxx.se
- The state of the kernel Rust experiment [LWN.net]
Also referenced in the Program management update — End of 2025 from the Inside Rust Blog.
- Can chatbots craft correct code? – The Trail of Bits Blog
The article notes that “LLMs are most effective when you have:
- Clean, well-documented codebases with idiomatic code
- Greenfield projects
- Excellent test coverage that catches errors immediately
- Tasks where errors are quickly obvious (it crashes, the output is wrong), allowing the LLM to iteratively climb toward the goal
- Pair-programming style review by experienced developers who understand the context
- Clear, unambiguous specifications written by experienced developers”
The list reads like general guidance for quality software, regardless of the existence of LLMs.
- PyPI in 2025: A Year in Review
- MongoBleed: Critical MongoDB Vulnerability CVE-2025-14847 | Wiz Blog
Are you parsing something or compressing something? Because those are two areas that seem to be rife with vulns.
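Two of the items above share a theme: the go-panikint post is about arithmetic in Go that wraps without any error, and parsers are exactly where untrusted lengths get added and multiplied. The following is an added illustration, not code from the Trail of Bits post, from go-panikint, or from any project discussed on this page. It assumes a hypothetical parser that sums chunk lengths from a constructed header against an allocation budget (`maxTotal`, `sumWrapping`, `sumChecked`, `mulChecked` are all names made up for this example) and shows the default wrapping behaviour beside the explicit carry checks from `math/bits` that reject the same input.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// ErrOverflow is returned when untrusted length arithmetic would wrap.
var ErrOverflow = errors.New("integer overflow in untrusted length arithmetic")

// maxTotal is a hypothetical allocation budget for the parser below.
const maxTotal uint32 = 1 << 20 // 1 MiB

// sumWrapping adds chunk lengths the way Go does by default: silently modulo 2^32.
func sumWrapping(lens []uint32) uint32 {
	var total uint32
	for _, l := range lens {
		total += l // wraps with no error and no panic
	}
	return total
}

// sumChecked adds the same lengths but fails on a carry out of the top bit.
func sumChecked(lens []uint32) (uint32, error) {
	var total uint32
	for _, l := range lens {
		sum, carry := bits.Add32(total, l, 0)
		if carry != 0 {
			return 0, ErrOverflow
		}
		total = sum
	}
	return total, nil
}

// mulChecked computes count*size and rejects products that need more than 32 bits.
func mulChecked(count, size uint32) (uint32, error) {
	hi, lo := bits.Mul32(count, size)
	if hi != 0 {
		return 0, ErrOverflow
	}
	return lo, nil
}

// withinBudgetWrapping is the vulnerable check: a wrapped sum sails under the cap,
// so every chunk is later allocated at its real, huge size.
func withinBudgetWrapping(lens []uint32) bool {
	return sumWrapping(lens) <= maxTotal
}

// withinBudgetChecked rejects the same input because the overflow is detected.
func withinBudgetChecked(lens []uint32) (bool, error) {
	total, err := sumChecked(lens)
	if err != nil {
		return false, err
	}
	return total <= maxTotal, nil
}

func main() {
	// Constructed hostile "header": two chunk lengths whose sum wraps to 16.
	hostile := []uint32{0xFFFFFFF0, 0x20}
	fmt.Printf("wrapping sum: %d, passes budget: %v\n",
		sumWrapping(hostile), withinBudgetWrapping(hostile))
	ok, err := withinBudgetChecked(hostile)
	fmt.Printf("checked: ok=%v err=%v\n", ok, err)
	if _, err := mulChecked(0x10000, 0x10000); err != nil {
		fmt.Println("count*size:", err)
	}
}
```

The wrapping version accepts a header whose chunks total more than 4 GiB because the sum collapses to 16; the checked version returns `ErrOverflow`. Instrumentation that panics on overflow is useful for finding these spots during testing, but parser code that has to reject bad input rather than crash still needs the explicit checks.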