Secure by Design: The Agentic AppSec Podcast

The Rise of Agentic AI Security

As AI evolves from content generation into autonomous agents executing real actions, the security landscape is fundamentally shifting. In this chapter, Ken Wong breaks down why agentic AI introduces new risks, from expanded attack surfaces to non‑deterministic behavior, and why enterprises must rethink security frameworks, identity models, and governance to safely deploy these systems at scale. Key Takeaways: * Agentic AI expands attack surfaces through tool access and autonomous actions. * Deterministic control planes are critical for managing probabilistic AI behavior. * Threat modeling, risk scoring, and red teaming must evolve for AI agents. * Defining agent identity is essential for access control and incident response. * Vertical, domain‑specific agents reduce risk compared to general-purpose systems.

The Hidden Blind Spots of AI: A CTO's Perspective

As AI accelerates software development, security can no longer operate as a gate at the end of the pipeline. In this episode of Secure by Design, Bill Weinberg sits down with Adi Kavaler to explore how AI is fundamentally changing engineering velocity and why security must evolve alongside it. The conversation dives into the real‑world impact of AI‑first development: faster time to market, cross‑functional feature teams, and the breakdown of long‑standing friction between builders, developers, and security. Rather than slowing innovation, embedded security and intelligent triage enable teams to ship faster and safer. This session also examines the limits of today’s AI tools: from missing context to production blind spots, and why human oversight, guardrails, and multi‑model validation remain essential. The result is a pragmatic look at how modern organizations can balance speed, quality, and trust while navigating AI‑generated code at scale. Key Takeaways * AI dramatically increases engineering velocity, but only when security is embedded from day one * Friction between development and security disappears when teams operate as a single feature unit * AI‑assisted triage helps eliminate noise and prioritize the vulnerabilities that truly matter * Consolidated, normalized data is essential for effective AI‑driven security decisions * AI‑generated code still requires human context, validation, and accountability * Using multiple AI models and guardrails improves confidence—but comes with cost tradeoffs * AI excels at pre‑production security, while post‑production reasoning still needs careful oversight

Shift Left, Stay Secure: AI's Impact on the Development Lifecycle

How security and development teams are partnering to manage AI-generated code risk. As AI pushes development teams to ship faster and write more code, security can no longer live at the end of the pipeline.  This session explores practical strategies for embedding security earlier and smarter into the modern development lifecycle.   Key Takeaways: * Shifting security left means catching vulnerabilities before code ever leaves the developer's machine * AI-generated code still requires developer ownership, approving it means owning it * Context and guardrails make AI tools more consistent and compliance friendly * Automated pipeline scanning turns security from a bottleneck into a built in safeguard * CISO and CTO alignment is critical to making secure development a shared company goal Featuring Bill Weinberg (VP of Solution Engineering, Checkmarx), Victor Cortes (CISO, Trans Network), and David Dewaele(Director of Product, Checkmarx)  recorded live at RSA.