To write secure code, be less gullible than your AI

In this episode of The Stack Overflow Podcast, host Ryan Donovan interviews Greg Foster, CTO and co-founder at Graphite, about security breaches triggered by AI code. They discuss the shift in trust and the increase in code volume due to AI, which creates bottlenecks in code review. Greg suggests that smaller code changes and better tooling can help mitigate these issues. They also explore the gullibility of AI in the face of malicious prompts and the potential for LLMs to be used as security judges. Greg emphasizes that AI should be an additive layer to existing security practices, not a replacement, and that fundamental principles of clean code and architecture are more important than ever.

Outlines

Part 1: Introduction to AI Code Security

Part 2: Best Practices and Tooling

Part 3: LLMs in Security

Part 4: Conclusion

Sign in to continue reading, translating and more.

Open full episode in Podwise

The Stack Overflow Podcast

Part 1: Introduction to AI Code Security

Introduction to AI Code Security Concerns

Trust and Volume Challenges in AI-Generated Code Review

Gullibility of AI and the Need for Security Tooling

Part 2: Best Practices and Tooling

The Importance of Small Code Changes and Stacked Code Changes

Tooling for Fast Changes and Contextual Understanding

Addressing Blind Shipping and Prompt Sanitization

Prompt Security and the Lowered Barrier to Hacking

Part 3: LLMs in Security

LLMs as Security Judges and the Trustworthiness of Security Tools

Integrating LLMs into Existing Security Practices

Addressing the Fear of Outsourcing Security Expertise to AI

The Evolving Role of Engineers and the Value of AI

Incorporating AI into Tooling and the Importance of Fundamentals

Part 4: Conclusion

Conclusion and Shoutouts

To write secure code, be less gullible than your AI

The Stack Overflow Podcast

Part 1: Introduction to AI Code Security

00:00Introduction to AI Code Security Concerns

Introduction to AI Code Security Concerns

01:11Trust and Volume Challenges in AI-Generated Code Review

Trust and Volume Challenges in AI-Generated Code Review

03:46Gullibility of AI and the Need for Security Tooling

Gullibility of AI and the Need for Security Tooling

Part 2: Best Practices and Tooling

05:28The Importance of Small Code Changes and Stacked Code Changes

The Importance of Small Code Changes and Stacked Code Changes

07:50Tooling for Fast Changes and Contextual Understanding

Tooling for Fast Changes and Contextual Understanding

09:41Addressing Blind Shipping and Prompt Sanitization

Addressing Blind Shipping and Prompt Sanitization

11:13Prompt Security and the Lowered Barrier to Hacking

Prompt Security and the Lowered Barrier to Hacking

Part 3: LLMs in Security

13:45LLMs as Security Judges and the Trustworthiness of Security Tools

LLMs as Security Judges and the Trustworthiness of Security Tools

16:24Integrating LLMs into Existing Security Practices

Integrating LLMs into Existing Security Practices

18:44Addressing the Fear of Outsourcing Security Expertise to AI

Addressing the Fear of Outsourcing Security Expertise to AI

21:21The Evolving Role of Engineers and the Value of AI

The Evolving Role of Engineers and the Value of AI

23:56Incorporating AI into Tooling and the Importance of Fundamentals

Incorporating AI into Tooling and the Importance of Fundamentals

Part 4: Conclusion

26:29Conclusion and Shoutouts

Conclusion and Shoutouts