There is no doubt that AI is changing the way we build software. The AI revolution is happening around us with AI code assistants/generators, AI-assisted code reviews and even AI embedded directly into your IDE. Even if we wanted to prevent it, it seems impossible to stop developers from utilizing these exciting shiny new tools.

The benefit is clear, massive increases in productivity…. The cost is also just as clear, security.

So how (un)secure is AI-generated code? This presentation will utilize a combination of live demos and novel research to try and get down to the bottom of that very question.

First we explore AI-generated code and the many ways it can make us vulnerable, from static coding issues to hallucinated packages, and even hard-coded credentials. We will explore the different tools and share statistics on what AI dev tool produces the most secure code.

In the next part of the presentation, we will dive into research that shows an increase in the number of vulnerabilities we are seeing, per line of code, and if AI is responsible for this. We will also explore a change in the type of vulnerabilities seen over the past 5 years and how AI has altered this.

The last part of the presentation will explore how we can combat insecure AI-generated code and if AI can be effectively used to combat this.

If you want to know how we can reap the benefits of AI without sacrificing security then this talk is for you.