S07E05 - Navigating AI in Application Security: Insights from Kyle Hankins

Plunge into the thrilling world of application security with Kyle Hankins, a seasoned expert in the field. In a riveting conversation, Kyle delves into the intricate dance between red team offense and blue team defense strategies, unraveling how they shape the backbone of robust app security. But here's where it gets even more fascinating – AI's emerging role in this high-stakes domain. With AI being a hotly debated topic in both application and network security, Kyle sheds light on its potential pitfalls and promises. Join us for this deep dive with Kyle Hankins, where we peel back the layers of this complex, ever-evolving landscape.

0:00 Intro
1:09 Kyle's background
6:28 Differences in security testing
8:11 Mobile app testing and SAST
13:02 SAST vs DAST
19:33 Culture change in infosec
21:06 Shifting to the left
23:44 Security and AI
29:25 Reducing time to the X
36:25 AI to estimate more accurate time to fix
39:42 Faster detection rates
40:47 The good and bad with AI predictions
55:22 AI without metacognition and laziness
1:04:28 OWASP LLM Top 10
1:05:53 White House executive order on AI
1:09:26 Speaking like an LLM
1:14:24 Reducing dwell time
1:19:24 SAST and LLMs
1:22:57 Threat modeling and IAST
1:38:58 Non-determinism and static rules
1:44:56 Outro
