
The Application Security Podcast Brad Geesaman - Redefining AppSec with AI: Shrinking Toil, Expanding Impact - How LLMs are able to reduce toil in triage-heavy AppSec workflows
Oct 28, 2025

Brad Geesaman, Principal Security Engineer at Ghost, dives into how AI and large language models are revolutionizing application security. He tackles the concept of 'toil', sharing how LLMs can alleviate repetitive tasks in triage and classification, allowing security teams to focus on critical issues. Brad highlights the importance of human validation in a hybrid approach—where AI assists without fully taking over. He envisions a future where security is seamlessly integrated into the development process, making secure coding easier than ever.
Toil Is The Core AppSec Problem
- Toil is repetitive work without leverage that drains AppSec teams and prevents progress.
- Brad compares it to bailing a sinking boat with a thimble, showing systemic imbalance in effort versus impact.
LLMs Offer Coverage Leverage
- LLMs provide leverage by increasing coverage across languages, frameworks, and vulnerability types.
- Brad says they act like an expert developer at scale, helping understand code and trace inputs quickly.
Decompose Work For LLMs To Triage
- Break AppSec workflows into small classification, annotation, and summarization tasks for LLMs to handle reliably.
- Use those labels to shrink data sets and focus human review on the highest-value items.

