The transformative impact of GenAI for software development and its implications for cybersecurity

Up to 41% of AI-generated code contains security flaws. It's time to use AI to fix the problems that AI creates.

#1about 6 minutes

From vulnerability researcher to automated security founder

The speaker traces their journey from a hacker testifying before the US Senate to founding Veracode to automate application security testing.

#2about 2 minutes

Analyzing vulnerability introduction and security debt

Data shows that new vulnerabilities increase as software ages and most teams accumulate security debt by not fixing flaws within a year.

#3about 4 minutes

How generative AI is changing software development

Generative AI boosts productivity through code generation and other tasks, but its reliance on vulnerable open-source code for training data introduces significant risk.

#4about 5 minutes

Research shows GenAI tools frequently generate insecure code

Multiple academic studies reveal that 30-40% of AI-generated code contains vulnerabilities, and developers are often overconfident in its security.

#5about 1 minute

Generative AI accelerates the creation of vulnerable code

By increasing code velocity without improving security quality, generative AI leads to a higher rate of new vulnerabilities being introduced into codebases.

#6about 4 minutes

Using AI to automatically find and fix security flaws

The solution to AI-generated vulnerabilities is to use specialized AI models, trained on curated good and bad code, to automate security fixes.

#7about 2 minutes

Evaluating the risks of AI-powered security tools

When adopting AI tools for security, it is crucial to consider the trustworthiness of training data, licensing issues, IP leakage, and fix accuracy.

#8about 1 minute

Prompting for security and embracing automation

Developers should explicitly ask generative AI for secure code and integrate automated security testing and fixing tools to keep pace with development.