This talk explores the transformative impact of GenAI on software development and its subsequent implications for cybersecurity. With GenAI, developers are shifting from traditional code reuse to generating new code snippets by prompting GenAI, leading to a significant change in software development dynamics. This advancement introduces new AppSec challenges as AI-generated code from LLMs trained on vulnerable OSS leads to vulnerable generated code. The higher code velocity enabled by generated code turns into higher vulnerability velocity and all the challenges velocity brings to security testing and remediation. The OSS training data set is also susceptible to data poisoning attacks. To make matters worse, developers, who should be the "person-in-the-middle", tend to trust GenAI created code more than human created code. This presentation will delve into real-world data from multiple academic studies, examining how GenAI is reshaping software security landscapes, the associated risks, and potential solutions to mitigate these emerging challenges.
Chris Wysopal is the founder and Chief Security Evangelist. Prior to joining Veracode, Chris worked as a software developer before diving into security research and security consulting. He had security research roles at several companies, including Symantec, @stake and the hacker think tank, L0pht where he was one of the original vulnerability researchers in the 1990s. He has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. He is also the author of "The Art of Software Security Testing" published by Addison-Wesley.
