YouTubeVideoSource Linked
The AI bugpocalypse is here. Now what? - Jack Cable, Corridor
AI lowers the cost of both finding and introducing vulnerabilities. Put security review inside coding-agent workflows, while using safer languages and systemic fixes to eliminate recurring bug classes.
YouTube
Source Summary
Coding models are improving at vulnerability discovery while also generating more production code. The talk cites Android memory-safety flaws falling from about **75% in 2019** to roughly **30% in 2022** as new code shifted toward memory-safe languages.
Practical Implication
Run security checks inside the agent workflow, before a pull request or merge, rather than relying only on later review. For recurring vulnerability classes, prefer architectural controls and **memory-safe languages** that remove the class over repeated one-off patches.
Agent-Ready Context
Coding models are improving at vulnerability discovery while also generating more production code. The talk cites Android memory-safety flaws falling from about **75% in 2019** to roughly **30% in 2022** as new code shifted toward memory-safe languages. Run security checks inside the agent workflow, before a pull request or merge, rather than relying only on later review. For recurring vulnerability classes, prefer architectural controls and **memory-safe languages** that remove the class over repeated one-off patches. Language guarantees cover particular bug classes, not all security failures, and model-based review can introduce its own misses. Predictions about AI reviewing most shipped code within 6–12 months are the speaker's forecast, not an observed outcome.
Context Map
agentcodingsecurity#coding-agents#harness-engineering#agent-reliabilityUncertainty
Language guarantees cover particular bug classes, not all security failures, and model-based review can introduce its own misses. Predictions about AI reviewing most shipped code within 6–12 months are the speaker's forecast, not an observed outcome.