Security Weekly Podcast Network (Audio) Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352
34 snips
Oct 14, 2025 
Steve Wilson, Chief Product Officer at Exabeam and founder of the OWASP GenAI Security Project, dives into the growing intersection of generative AI and cybersecurity. He explains how the project expanded beyond just developers to serve various audiences. Wilson highlights the significant challenges posed by prompt injection and its unique nature compared to traditional injection flaws. He shares insights on preparing CISOs for AI-enhanced adversaries and emphasizes the need for durable defenses. The discussion also touches on the evolving role of AppSec in organizational risk management.
AI Snips
Chapters
Books
Transcript
Episode notes
LLMs Are Tuned For Coding, Not AppSec
- Modern LLMs focus R&D on code generation with curated corpora and synthetic datasets.
- Labs are training high-end coders, not AppSec specialists, so security-specific behavior lags.
Automate Routine Vulnerability Fixes
- Use LLMs to automatically fix routine findings so humans need not argue about trivial remediation.
- Automate low-risk vulnerability fixes and reserve human review for architecture and complex issues.
Context Limits Cap Architecture Help
- LLMs struggle with large codebase architecture due to limited context windows.
- They boost skilled engineers' productivity but cannot yet autonomously refactor massive systems safely.
