
The DevSecOps Talks Podcast #84 - AI for DevSecOps: Current Wins and Ongoing Gaps
Sep 30, 2025
The hosts dive into whether AI can enhance software security, discussing its practical applications and existing limitations. They explore how AI aids developers without replacing them, assessing code security and improving static analysis. The conversation covers AI's role in securing the software supply chain, automating dependency patching, and threat detection through log patterns. They stress the importance of human oversight in incident response and share practical tools while cautioning against the rapid proliferation of AI tools.
Give Precise Prompts And Involve Domain Experts
- Tell AI precisely what you want and structure prompts based on how the underlying code works.
- If you lack domain knowledge, involve someone who understands the system before trusting AI outputs.
Misplaced Trust In Unverified AI Code
- A friend asked AI to write Python and assumed it worked without testing.
- That misunderstanding led him to think programmers were unnecessary.
Contextual Analysis Cuts False Positives
- AI can reduce false positives by reasoning about code context and actual function usage.
- Static scanners should evolve to check whether vulnerable functions are actually invoked in the codebase.
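The reachability check the snip describes, written out as an added example (it is not code from the podcast or its hosts): given a dependency that ships a vulnerable function, flag only the files that actually call it, and treat files that merely import the package as candidates for suppression. The package name `legacy_templating` and the function `render_unsafe` are hypothetical, and both sample sources are constructed for this example.

```python
import ast
from dataclasses import dataclass

# Constructed advisory data for this example: (module, function) pairs a
# hypothetical advisory says are vulnerable. A real scanner would load this
# from its vulnerability feed.
VULNERABLE_FUNCTIONS = {("legacy_templating", "render_unsafe")}


@dataclass(frozen=True)
class Finding:
    module: str
    function: str
    lineno: int


class VulnerableCallFinder(ast.NodeVisitor):
    """Resolve how vulnerable modules/functions are bound in one file, then
    record only genuine call sites of them."""

    def __init__(self):
        self.module_aliases = {}    # local name -> module  (import m as x)
        self.function_aliases = {}  # local name -> (module, function)  (from m import f as g)
        self.findings = []

    def visit_Import(self, node):
        for alias in node.names:
            if any(alias.name == module for module, _ in VULNERABLE_FUNCTIONS):
                self.module_aliases[alias.asname or alias.name] = alias.name
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        for alias in node.names:
            key = (node.module, alias.name)
            if key in VULNERABLE_FUNCTIONS:
                self.function_aliases[alias.asname or alias.name] = key
        self.generic_visit(node)

    def visit_Call(self, node):
        func = node.func
        if isinstance(func, ast.Name) and func.id in self.function_aliases:
            # Direct call through a from-import (possibly renamed).
            module, function = self.function_aliases[func.id]
            self.findings.append(Finding(module, function, node.lineno))
        elif isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            # Attribute call through a module import (possibly renamed).
            module = self.module_aliases.get(func.value.id)
            if module and (module, func.attr) in VULNERABLE_FUNCTIONS:
                self.findings.append(Finding(module, func.attr, node.lineno))
        self.generic_visit(node)


def find_vulnerable_calls(source: str) -> list[Finding]:
    """Return every call site of a vulnerable function in one source file."""
    finder = VulnerableCallFinder()
    finder.visit(ast.parse(source))
    return finder.findings


def triage(source: str) -> str:
    """A package-level dependency alert is only actionable if the vulnerable
    function is reachable; otherwise the alert is a false-positive candidate."""
    hits = find_vulnerable_calls(source)
    if hits:
        lines = ", ".join(str(h.lineno) for h in hits)
        return f"reachable: {hits[0].module}.{hits[0].function} called at line(s) {lines}"
    return "unreachable: dependency present but vulnerable function never invoked"


# Constructed sample 1: the package is imported, but only a safe function is used.
SAMPLE_IMPORT_ONLY = '''
import legacy_templating
from legacy_templating import render_safe

def page(ctx):
    return render_safe(ctx)
'''

# Constructed sample 2: the vulnerable function is called through two aliases.
SAMPLE_REACHABLE = '''
import legacy_templating as lt
from legacy_templating import render_unsafe as render

def page(ctx):
    return render(ctx)

def legacy(ctx):
    return lt.render_unsafe(ctx)
'''

if __name__ == "__main__":
    print(triage(SAMPLE_IMPORT_ONLY))
    print(triage(SAMPLE_REACHABLE))
```

The resolver deliberately covers only the two binding forms a static scanner sees most (module import and from-import, each with optional renaming); dynamic dispatch such as `getattr` or wildcard imports would need a fallback that errs on the side of reporting, which is the conservative choice when reachability cannot be proven.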
