Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323

LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value from genAI, where it fits in with tools like source code analysis and fuzzers, and where its limitations mean we'll be relying on humans for a while. Those limitations don't mean appsec should dismiss LLMs as a tool. It means appsec should understand how things like context windows might limit a tool's security analysis to a few files, leaving a security architecture review to humans.

Segment resources:

• https://securing.dev/posts/ai-security-reasoning-and-bias/
• https://seclists.org/dailydave/2025/q1/0
• https://arxiv.org/pdf/2409.16165
• https://arxiv.org/pdf/2410.05229
• https://nicholas.carlini.com/writing/2025/thoughts-on-future-ai.html

Show Notes: https://securityweekly.com/asw-323