Eitan Worcel -- Is AI a Security Champion?

Update: 2023-12-19

Description

Eitan Worcel joins the Application Security Podcast, to talk automated code fixes and the role of artificial intelligence in application security. We start with a thought-provoking discussion about the consistency and reliability of AI-generated responses in fixing vulnerabilities like Cross-Site Scripting (XSS). The conversation highlights a future where AI on one side writes code while AI on the other side fixes it, raising questions about the outcomes of such a scenario.

The discussion shifts to the human role in using AI for automated code fixes. Human oversight is important in setting policies or rules to guide AI, as opposed to letting it run wild on the entire code base. This controlled approach, akin to a 'controlled burn,' aims at deploying AI in a way that's beneficial and manageable, without overwhelming developers with excessive changes or suggestions.

We also explore the efficiency gains expected from AI in automating tedious tasks like fixing code vulnerabilities. We compare this to the convenience of household robots like Roomba, imagining a future where AI takes care of repetitive tasks, enhancing developer productivity. However, we also address potential pitfalls, such as AI's tendency to 'hallucinate' or generate inaccurate solutions, underscoring the need for caution and proper validation of AI-generated fixes.

This episode offers a balanced perspective on the integration of AI in application security, highlighting both its promising potential and the challenges that need to be addressed. Join us as we unravel the complexities and future of AI in AppSec, understanding how it can revolutionize the field while remaining vigilant about its limitations.

Recommended Reading from Eitan:
The Hard Thing About Hard Things by Ben Horowitz - https://www.harpercollins.com/products/the-hard-thing-about-hard-things-ben-horowitz?variant=32122118471714

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Comments

In Channel

Dustin Lehr -- Culture Change through Champions and Gamification

2024-04-1645:10

Francesco Cipollone -- Application Security Posture Management and the Power of Working with the Business

2024-04-0938:11

Mukund Sarma -- Developer Tools that Solve Security Problems

2024-04-0246:32

Meghan Jacquot -- Assumed Breach Red Team Engagements for AppSec

2024-03-2040:55

Bill Sempf -- Development, Security, and Teaching the Next Generation

2024-03-1239:44

Hendrik Ewerlin -- Threat Modeling of Threat Modeling

2024-03-0533:50

Jason Nelson -- Three Pillars of Threat Modeling Success: Consistency, Repeatability, and Efficacy

2024-02-2753:52

Erik Cabetas -- Cracking Codes on Screen and in Contests: An Expert's View on Hacking, Vulnerabilities, and the Evolution of Cybersecurity Language

2024-02-1751:12

Justin Collins -- Enabling the Business to Move Faster, Securely

2024-02-0647:19

Kyle Kelly -- The Dumpster Fire of Software Supply Chain Security

2024-01-3041:17