))
AI in AppSec: Strengths, Weaknesses, and Non-Determinism
Manage episode 504466617 series 3605659
Inhalt bereitgestellt von Kabir. Alle Podcast-Inhalte, einschließlich Episoden, Grafiken und Podcast-Beschreibungen, werden direkt von Kabir oder seinem Podcast-Plattformpartner hochgeladen und bereitgestellt. Wenn Sie glauben, dass jemand Ihr urheberrechtlich geschütztes Werk ohne Ihre Erlaubnis nutzt, können Sie dem hier beschriebenen Verfahren folgen https://de.player.fm/legal.
Finding vulnerabilities in modern web apps using Claude Code and OpenAI Codex | Semgrep," focuses on a security research experiment conducted by Semgrep to assess the effectiveness of AI Coding Agents, specifically Anthropic's Claude Code and OpenAI Codex, in identifying vulnerabilities within real-world web applications. The research highlights that while these AI tools can find genuine security flaws, they suffer from high false positive rates and significant non-determinism, meaning they produce inconsistent results with repeated scans. Semgrep also details its comprehensive security platform, which offers various tools like static application security testing (SAST), software supply chain analysis (SCA), and secrets detection, aiming to provide more reliable and consistent code security solutions.
Podcast:
https://kabir.buzzsprout.com
YouTube:
https://www.youtube.com/@kabirtechdives
Please subscribe and share.
322 Episoden
Teilen
