Sveriges mest populära poddar

The Application Security Podcast

Eitan Worcel -- Is AI a Security Champion?

49 min • 19 december 2023

Eitan Worcel joins the Application Security Podcast, to talk automated code fixes and the role of artificial intelligence in application security. We start with a thought-provoking discussion about the consistency and reliability of AI-generated responses in fixing vulnerabilities like Cross-Site Scripting (XSS). The conversation highlights a future where AI on one side writes code while AI on the other side fixes it, raising questions about the outcomes of such a scenario.

The discussion shifts to the human role in using AI for automated code fixes. Human oversight is important in setting policies or rules to guide AI, as opposed to letting it run wild on the entire code base. This controlled approach, akin to a 'controlled burn,' aims at deploying AI in a way that's beneficial and manageable, without overwhelming developers with excessive changes or suggestions.

We also explore the efficiency gains expected from AI in automating tedious tasks like fixing code vulnerabilities. We compare this to the convenience of household robots like Roomba, imagining a future where AI takes care of repetitive tasks, enhancing developer productivity. However, we also address potential pitfalls, such as AI's tendency to 'hallucinate' or generate inaccurate solutions, underscoring the need for caution and proper validation of AI-generated fixes.

This episode offers a balanced perspective on the integration of AI in application security, highlighting both its promising potential and the challenges that need to be addressed. Join us as we unravel the complexities and future of AI in AppSec, understanding how it can revolutionize the field while remaining vigilant about its limitations.

Recommended Reading from Eitan:
The Hard Thing About Hard Things by Ben Horowitz - https://www.harpercollins.com/products/the-hard-thing-about-hard-things-ben-horowitz?variant=32122118471714

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Förekommer på
00:00 -00:00