#84 - AI for DevSecOps: Current Wins and Ongoing Gaps
Sep 30, 2025
The hosts dive into whether AI can enhance software security, discussing its practical applications and existing limitations. They explore how AI aids developers without replacing them, assessing code security and improving static analysis. The conversation covers AI's role in securing the software supply chain, automating dependency patching, and threat detection through log patterns. They stress the importance of human oversight in incident response and share practical tools while cautioning against the rapid proliferation of AI tools.
AI Snips
AI Supports, Doesn’t Replace, Developer Judgment
- AI augments developers by speeding tasks but cannot replace domain understanding.
- Users must know the problem and validate AI output to ensure correctness and security.
Give Precise Prompts And Involve Domain Experts
- Tell AI precisely what you want and structure prompts based on how the underlying code works.
- If you lack domain knowledge, involve someone who understands the system before trusting AI outputs.
Misplaced Trust In Unverified AI Code
- A friend asked AI to write Python and assumed it worked without testing.
- That misunderstanding led him to think programmers were unnecessary.