Automate your security whack-a-mole: Q&A with Exaforce
Security controls can be a bit of a cat and mouse game—you block one attack, new ones spring up.

Ryan is joined by Kayvon Beykpour, CEO and founder of Macroscope, to dive into AI-powered code review’s potential for managing large codebases, the need for humans-in-the-loop for PR reviews so AI tools can efficiently and effectively debug, and how AI can increase visibility through summarization at the abstract syntax tree level and high signal-to-noise ratio code reviews.

Ryan is joined by David Hsu, CEO and founder of Retool, to explore how AI is transforming the role of a software developer into a software architect, the increasing accessibility of coding for non-engineers, and the importance of placing guardrails and higher-level programming primitives on AI coding assistants.

Ryan is joined by Greg Foster, CTO of Graphite, to explore how much we should trust AI-generated code to be secure, the importance of tooling in ensuring code security whether it’s AI-assisted or not, and the need for context and readability for humans in AI code.

JavaScript is the front-end of the entire internet. Because JavaScript is so prolific, it’s a prime target for attackers.

Ryan sits down with Dimitri Stiliadis, CTO and co-founder of Endor Labs, to talk about how AppSec is evolving to address AI’s use cases. They discuss the implications of AI-generated code on security practices, the importance of human oversight in managing vulnerabilities, and how organizations should be balancing security and efficiency with AI.

In this special episode, Ryan is joined by our Senior VP of Communities, Philippe Beaudette, and the Trust and Safety team at Stack Overflow to discuss maintaining platform integrity and managing user safety, handling complex issues like harassment, and how their team balances transparency and privacy online.

Ryan is joined by Jan Seredynski, Mobile Security Researcher and Pentester at Guardsquare, to talk about how you protect your app when the attackers control the code and the device it runs on.

Avoiding bad data is just as important in AI; it can open you to fines, lawsuits, and lost customers.

Software security expert Tanya Janca, author of Alice and Bob Learn Secure Coding and Staff DevRel at AppSec company Semgrep, joins Ryan to talk about secure coding practices.

Can an org automate security, change its culture to up their dev velocity, and stave off burnout?

Is your preferred programming language a matter of national security?

The home team is joined by Kinnaird McQuaid, founder and CTO of NightVision, which offers developer-friendly API and web app security testing. Kinnaird talks about his path from school-age hacker to white-hat security expert, why it’s important to build security practices into the software development lifecycle, how GenAI is changing security testing, and what security teams need to understand about developers’ working lives.

Ben Popper chats with Keith Babo, Head of Product at Solo.io, about how the API security landscape is changing in the era of GenAI. They talk through the role of governance in AI, the importance of data protection, and the role API gateways play in enhancing security and functionality. Keith shares his insights on retrieval-augmented generation (RAG) systems, protecting PII, and the necessity of human-in-the-loop AI development.

Josh Zhang, a staff site reliability engineer at Stack Overflow, tells Ryan and Eira how the Stack Exchange network defends against scraping bots. They also cover the emergence of human botnets, why DDoS attacks have spiked in the last couple of years, and the constant balancing act of protecting sites from attack without inhibiting legitimate users.

On this episode: The FTC bans most noncompete agreements, the implications of the TikTok “ban,” why a 2017 law is hitting startups with huge tax bills seven years later, and the return of net neutrality. Plus: the wunderkind hacker who ransomed Finland’s anxieties and secrets.

In the wake of the XZ backdoor, Ben and Ryan unpack the security implications of relying on open-source software projects maintained by small teams. They also discuss the open-source nature of Linux, the high cost of education in the US, the value of open-source contributions for job seekers, and what Apple is up to AI-wise.

The home team convenes to discuss the XZ backdoor attack, what great software engineers have in common, how GenAI is changing the face of drug development, and the rise of managed service providers for AI.

On this episode: Eitan Worcel, CEO and cofounder of Mobb, a company that uses AI to automate security vulnerability remediation, talks about how AI can help reduce security backlogs and free up developers’ time, what security risks emerge with GenAI, and why we still need a human in the loop.

Ben and Ryan talk about the hacker who exposed a security vulnerability in AI-powered software, security risks of smart devices, symbolic deduction engines in AI, and the programming language that features time travel.

While there are a lot of dangers out there, it’s not all doom and gloom; we also talk about how to mitigate these threats.

This is part two of our conversation with Kubernetes project cofounder Craig McLuckie, whose new company helps developers build safer software by validating where code came from and that it’s been properly maintained.

Ben and Ryan chat with Craig McLuckie, co-founder of the Kubernetes project and cofounder/CEO of Stacklok, which helps developers and open-source communities build safer, more secure software.

The home team chats with Alex Bovee, cofounder and CEO of identity access management company ConductorOne, about balancing security and productivity in developer workflows, why tech companies have shifted everything left, and the logic behind zero trust.
