# The AI bugpocalypse is here. Now what? - Jack Cable, Corridor

Source: [YouTube](https://www.youtube.com/watch?v=7JgIS42mz7U)  
Feed7 permalink: https://feed7.dev/p/the-ai-bugpocalypse-is-here-now-what-jack-cable-corridor-1y20rna  
Published: Unknown  
Trust: Source Linked (source_linked)

## Why Included

AI lowers the cost of both finding and introducing vulnerabilities. Put security review inside coding-agent workflows, while using safer languages and systemic fixes to eliminate recurring bug classes.

## Source Summary

Coding models are improving at vulnerability discovery while also generating more production code. The talk cites Android memory-safety flaws falling from about **75% in 2019** to roughly **30% in 2022** as new code shifted toward memory-safe languages.

## Practical Implication

Run security checks inside the agent workflow, before a pull request or merge, rather than relying only on later review. For recurring vulnerability classes, prefer architectural controls and **memory-safe languages** that remove the class over repeated one-off patches.

## Agent-Ready Context

Coding models are improving at vulnerability discovery while also generating more production code. The talk cites Android memory-safety flaws falling from about **75% in 2019** to roughly **30% in 2022** as new code shifted toward memory-safe languages.

Run security checks inside the agent workflow, before a pull request or merge, rather than relying only on later review. For recurring vulnerability classes, prefer architectural controls and **memory-safe languages** that remove the class over repeated one-off patches.

Language guarantees cover particular bug classes, not all security failures, and model-based review can introduce its own misses. Predictions about AI reviewing most shipped code within 6–12 months are the speaker's forecast, not an observed outcome.

## Context Map

- Layer: agent
- Domains: coding, security
- Topics: coding-agents, harness-engineering, agent-reliability

## Uncertainty

- Language guarantees cover particular bug classes, not all security failures, and model-based review can introduce its own misses. Predictions about AI reviewing most shipped code within 6–12 months are the speaker's forecast, not an observed outcome.

## Agent Instruction

Use this item as source-backed context. Do not invent claims beyond the linked source. If this item conflicts with another source, call out the conflict.
