Application Security Weekly (Audio)

Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323

Mar 25, 2025

54:08

forum

Ask episode

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss LLMs as a tool. It means appsec should understand how things like context windows might limit a tool's security analysis to a few files, leaving a security architecture review to humans.

Segment resources:

https://securing.dev/posts/ai-security-reasoning-and-bias/
https://seclists.org/dailydave/2025/q1/0
https://arxiv.org/pdf/2409.16165
https://arxiv.org/pdf/2410.05229
https://nicholas.carlini.com/writing/2025/thoughts-on-future-ai.html

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-323

Home Top podcasts Popular guests