Security Weekly Podcast Network (Audio) Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
Mar 3, 2026
James Wickett is CEO of Dry Run Security and an AppSec practitioner who builds AI-powered security agents. He discusses how LLMs introduce new vulnerability types and speed up code creation. He explains multi-agent AI code review, cross-file and cross-repo analysis, and why AppSec teams must adopt AI and stronger fundamentals to keep up.
AI Snips
AI Tools Can Outperform Legacy Scanners
- LLM-based tools often outperform older pattern-match scanners on both new and classic bugs.
- James was surprised AI tooling bested legacy tools even on SQLi/SSRF cases during testing.
Create A Baseline Context For Differential Reviews
- Provide baseline context (cross-repo/auth maps) so differential PR reviews can be accurate.
- Dry Run builds a baseline of app context then analyzes merges/PRs against that baseline to find multi-file or cross-repo auth issues.
Context And Prompting Remain Important
- Prompting and context matter: stuffing the context window and using specs/agents.md improves results.
- James warns that many agents plus many people working on the same code can amplify hallucinations and inconsistencies.

