Resilient Cyber
Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.
Resilient Cyber
Resilient Cyber w/ Varun Badhwar - AI for AppSec - Beyond the Buzzwords
•
Chris Hughes
In this episode, we sit down with Varun Badhwar, Founder and CEO of Endor Labs, to discuss the state of AI for AppSec and move beyond the buzzwords.
We discussed the rapid adoption of AI-driven development, its implications for AppSec, and how AppSec can leverage AI to address longstanding challenges and mitigate organizational risks at scale.
Varun and I dove into a lot of great topics, such as:
- The rise of GenAI and LLMs and their broad implications on Cybersecurity
- The dominant use case of AI-driven development with Copilots and LLM written code, leading to a Developer productivity boost. AppSec has struggled to keep up historically, with vulnerability backlogs getting out of control. What will the future look like now?
- Studies show that AI-driven development and Copilots don’t inherently produce secure code, and frontier models are primarily trained on open source software, which has vulnerabilities and other risks. What are the implications of this for AppSec?
- How can AppSec and Cyber leverage AI and agentic workflows to address systemic security challenges? Developers and attackers are both early adopters of this technology.
- Navigating vulnerability prioritization, dealing with insecure design decisions and addressing factors such as transitive dependencies.
- The importance of integrating with developer workflows, reducing cognitive disruption and avoiding imposing a “Developer Tax” with legacy processes and tooling from security.