Brad Geesaman - Redefining AppSec with AI: Shrinking Toil, Expanding Impact - How LLMs are able to reduce toil in triage-heavy AppSec workflows

The Application Security Podcast

Oct 28, 2025 Season 12 Episode 20
Chris Romeo and Robert Hurlbut

Brad Geesaman, Principal Security Engineer at Ghost, joins the podcast today to explore how AI and large language models are transforming the world of application security. The discussion starts with the concept of "toil"—the repetitive, exhausting work that drains AppSec teams as they struggle to keep up with mountains of security findings and alerts. Brad shares his insights on how LLMs can provide meaningful leverage by handling the heavy lifting of triage, classification, and evidence gathering, while keeping humans firmly in the loop for final decisions. They also discuss the seismic shift happening in the AppSec market, with AI-native approaches potentially disrupting traditional security tooling. Listen along to hear more about the future of secure coding and how artificial intelligence might finally give security teams the helicopter view they need to fight fires effectively.



FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
