Full Segment Notes
AI is now writing production code, but it’s often insecure. Learn how LLMs are changing AppSec, introducing new risks like prompt injection and data exfiltration, and what teams must do to secure AI-driven development.Thank you to our sponsor for this webcast, Legit Security!AI is accelerating development, but is your security keeping up? Learn how to secure AI-driven SDLCs at https://scworld.com/webcasts.
Key Moments
- 0:00 - Introduction: AppSec Meets AI
- 02:00 - AI is Now Writing Code—What Changes?
- 04:00 - Faster Development, Bigger Risks
- 06:00 - Why AI Generates Insecure Code
- 08:30 - The “Volume Problem” in Security
- 10:00 - Hallucinations & Slop Squatting
- 12:00 - Prompt Injection Explained (Real Attacks)
- 15:00 - Camel Leak: Hidden Instructions in Code
- 18:00 - AI Agents as Security Risks
- 20:00 - Data Exfiltration via AI Tools
- 22:00 - MCPs: The New Attack Surface
- 25:00 - Why AI is Like a Phishable Employee
- 27:00 - Losing Understanding of Code
- 30:00 - Can AI Be Trusted in Security?
- 33:00 - Using AI for AppSec (The Right Way)
- 36:00 - Governance: The Missing Layer
- 39:00 - Traditional Controls Still Matter
- 41:30 - “Just Add: Make It Secure” (Seriously)
- 44:00 - Prompt Engineering as a Security Control
- 47:00 - Monitoring & AI Guardrails
- 50:00 - The Future of Secure AI Development
- 52:00 - Key Takeaways & Final Advice
