LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss LLMs as a tool. It means appsec should understand how things like context windows might limit a tool's security analysis to a few files, leaving a security architecture review to humans.
Segment resources:
- https://securing.dev/posts/ai-security-reasoning-and-bias/
- https://seclists.org/dailydave/2025/q1/0
- https://arxiv.org/pdf/2409.16165
- https://arxiv.org/pdf/2410.05229
- https://nicholas.carlini.com/writing/2025/thoughts-on-future-ai.html
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-323
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.