Finding a Use for GenAI in AppSec: A Deep Dive

As artificial intelligence (AI) continues to revolutionize various industries, its applications in application security (AppSec) are becoming increasingly relevant. In this episode of ASW, we're joined by Keith Hoodlet to explore the role of Large Language Models (LLMs) in AppSec and how they can complement existing tools like source code analysis and fuzzers.

The Rise of LLMs in Code Generation

LLMs have been making waves in the developer community, helping to generate code faster and more efficiently. However, this raises an important question: is the generated code truly secure?

To understand the answer, we need to delve into the capabilities and limitations of LLMs. These models are trained on vast amounts of text data and can generate code snippets that seem intelligent and even human-like.

AppSec Teams and LLMs: A Growing Partnership

So, how are AppSec teams leveraging LLMs in their work? According to Keith Hoodlet, he's seen value in using LLMs for tasks like code analysis and vulnerability assessment.

"LLMs can provide a high-level understanding of the codebase," says Keith. "They can help identify potential vulnerabilities and suggest fixes. However, it's essential to remember that these models are only as good as their training data."

Context Windows: A Limitation of LLMs

Keith highlights an important limitation of LLMs: context windows. These limitations mean that the analysis is often restricted to a few files, leaving security architecture reviews to humans.

"This means that while LLMs can provide valuable insights into specific parts of the codebase," says Keith, "they may not be able to detect vulnerabilities in other areas. That's where human expertise comes in."

The Future of AppSec: Human-AI Collaboration

So, what does this mean for the future of AppSec? According to Keith Hoodlet, it's clear that LLMs and humans will need to work together.

"We're not going to replace human security architects with AI models anytime soon," says Keith. "But we can use LLMs to augment our efforts, providing valuable insights and suggestions for improvement."

Resources

For more information on AI security reasoning and bias, check out this article: AI Security Reasoning and Bias

Additionally, Keith recommends exploring these resources:

• Security-related news
• Academic paper on AI security
• Academic paper on AI vulnerability assessment
• Keith's thoughts on the future of AI in AppSec

Get the Latest from ASW

Don't miss out on the latest episodes of ASW! Visit securityweekly.com/asw for all the latest news, interviews, and insights from the AppSec community.