Sign up to save your podcasts
Or
Share Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323
LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss LLMs as a tool. It means appsec should understand how things like context windows might limit a tool's security analysis to a few files, leaving a security architecture review to humans.
Segment resources:
- https://securing.dev/posts/ai-security-reasoning-and-bias/
- https://seclists.org/dailydave/2025/q1/0
- https://arxiv.org/pdf/2409.16165
- https://arxiv.org/pdf/2410.05229
- https://nicholas.carlini.com/writing/2025/thoughts-on-future-ai.html
Show Notes: https://securityweekly.com/asw-323
View all episodes
By LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss LLMs as a tool. It means appsec should understand how things like context windows might limit a tool's security analysis to a few files, leaving a security architecture review to humans.
Segment resources:
- https://securing.dev/posts/ai-security-reasoning-and-bias/
- https://seclists.org/dailydave/2025/q1/0
- https://arxiv.org/pdf/2409.16165
- https://arxiv.org/pdf/2410.05229
- https://nicholas.carlini.com/writing/2025/thoughts-on-future-ai.html
Show Notes: https://securityweekly.com/asw-323