Coding Agents Are Getting More Cautious, but Not Safer – Brian Fox – RSAC26 #2

This episode is sponsored by
Full Segment Notes
Key Moments
  • 0:00 - – RSAC 2026 Intro & Sonatype Overview
  • 0:35 - – What Sonatype Does (Maven, Nexus & Open Source Ecosystem)
  • 02:16 - – What is Software Intelligence for AI Coding?
  • 02:30 - – How AI Coding Tools Lack Real-Time Security Context
  • 04:09 - – Feeding AI Agents Real Vulnerability & Dependency Data
  • 05:04 - – The Risk of AI Choosing Deprecated or Vulnerable Code
  • 05:16 - – AI Hallucinations vs Security Accuracy Explained
  • 06:41 - – Why AI Became More “Cautious” (But Less Effective)
  • 07:35 - – Hidden Risk: False Confidence in AI Security Reviews
  • 08:40 - – Improving AI Accuracy with Grounded Data (MCP)
  • 10:28 - – Using MCP Servers for AI Coding Intelligence
  • 11:06 - – AI + Human Collaboration in Secure Development
  • 11:44 - – The Future of Developers: AI as an Abstraction Layer
  • 12:43 - – Natural Language as the New Programming Interface
  • 13:45 - – Can AI Be Trusted in Secure Environments?
  • 14:31 - – Why AI Must Follow Traditional Security Best Practices
Guest
CTO & Co-founder at Sonatype

Brian Fox is CTO and co-founder of Sonatype, with more than 20 years of experience spanning software development, open source, and cybersecurity. A founder of Maven Central and former chair of the Apache Maven project, he also serves in leadership and advisory roles with OpenSSF, FINOS, Singapore’s CTREX Panel, and the Apache Software Foundation.

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

You can skip this ad in 5 seconds