Full Segment Notes
AI-generated code is fast, but is it secure? Learn the risks of “vibe coding,” from leaked API keys to hallucinated packages, and how to secure AI-assisted development with proper guardrails and DevSecOps practices.
Thank you to our sponsor for this webcast, Snyk!
AI can write your code, but it can also introduce vulnerabilities you won’t see until it’s too late. Register for an upcoming SC Media webcast at https://scworld.com/webcasts and learn how security leaders are putting guardrails around AI before it breaks their applications.
Key Moments
- 0:00 - Introduction & AI Code Security Overview
- 01:50 - What is “Vibe Coding”?
- 04:30 - AI vs Human Coding Errors
- 07:00 - Real-World Vibe Coding Security Failure
- 10:30 - API Key Leaks & Common Vulnerabilities
- 13:00 - OWASP Top 10 vs AI-Specific Risks
- 16:00 - New AI Attack Vectors (Prompt Injection, Slop Squatting)
- 20:30 - Hallucinations & Misinformation Risks
- 23:00 - Supply Chain Attacks in AI Code
- 25:30 - AI “Gaslighting” Developers Explained
- 28:00 - Context Windows & AI Limitations
- 31:30 - Secure Coding Pipelines & Guardrails
- 35:00 - Prompt Engineering for Security
- 38:00 - AI Code Reviews vs Human Reviews
- 41:00 - Developer Skill Gaps & AI Overreliance
- 44:00 - Shadow AI & Enterprise Risk
- 47:00 - Security Metrics for AI-Generated Code
- 49:30 - Best Use Cases for AI in Development
- 52:00 - Final Takeaways & Security Best Practices
