Secure by Design: The Agentic AppSec Podcast

The Hidden Blind Spots of AI: A CTO's Perspective

As AI accelerates software development, security can no longer operate as a gate at the end of the pipeline. In this episode of Secure by Design, Bill Weinberg sits down with Adi Kavaler to explore how AI is fundamentally changing engineering velocity and why security must evolve alongside it. The conversation dives into the real‑world impact of AI‑first development: faster time to market, cross‑functional feature teams, and the breakdown of long‑standing friction between builders, developers, and security. Rather than slowing innovation, embedded security and intelligent triage enable teams to ship faster and safer. This session also examines the limits of today’s AI tools: from missing context to production blind spots, and why human oversight, guardrails, and multi‑model validation remain essential. The result is a pragmatic look at how modern organizations can balance speed, quality, and trust while navigating AI‑generated code at scale. Key Takeaways * AI dramatically increases engineering velocity, but only when security is embedded from day one * Friction between development and security disappears when teams operate as a single feature unit * AI‑assisted triage helps eliminate noise and prioritize the vulnerabilities that truly matter * Consolidated, normalized data is essential for effective AI‑driven security decisions * AI‑generated code still requires human context, validation, and accountability * Using multiple AI models and guardrails improves confidence—but comes with cost tradeoffs * AI excels at pre‑production security, while post‑production reasoning still needs careful oversight

Shift Left, Stay Secure: AI's Impact on the Development Lifecycle

How security and development teams are partnering to manage AI-generated code risk. As AI pushes development teams to ship faster and write more code, security can no longer live at the end of the pipeline.  This session explores practical strategies for embedding security earlier and smarter into the modern development lifecycle.   Key Takeaways: * Shifting security left means catching vulnerabilities before code ever leaves the developer's machine * AI-generated code still requires developer ownership, approving it means owning it * Context and guardrails make AI tools more consistent and compliance friendly * Automated pipeline scanning turns security from a bottleneck into a built in safeguard * CISO and CTO alignment is critical to making secure development a shared company goal Featuring Bill Weinberg (VP of Solution Engineering, Checkmarx), Victor Cortes (CISO, Trans Network), and David Dewaele(Director of Product, Checkmarx)  recorded live at RSA.