AI in AppSec: Strengths, Weaknesses, and Non-Determinism cover art

AI in AppSec: Strengths, Weaknesses, and Non-Determinism

AI in AppSec: Strengths, Weaknesses, and Non-Determinism

Listen for free

View show details

About this listen

Finding vulnerabilities in modern web apps using Claude Code and OpenAI Codex | Semgrep," focuses on a security research experiment conducted by Semgrep to assess the effectiveness of AI Coding Agents, specifically Anthropic's Claude Code and OpenAI Codex, in identifying vulnerabilities within real-world web applications. The research highlights that while these AI tools can find genuine security flaws, they suffer from high false positive rates and significant non-determinism, meaning they produce inconsistent results with repeated scans. Semgrep also details its comprehensive security platform, which offers various tools like static application security testing (SAST), software supply chain analysis (SCA), and secrets detection, aiming to provide more reliable and consistent code security solutions.




Send us a text

Support the show


Podcast:
https://kabir.buzzsprout.com


YouTube:
https://www.youtube.com/@kabirtechdives

Please subscribe and share.
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.