Dangerous Errors
Podcast Posts Presentations Synthwave About
  • Ideas for a Localized Lighting Model Jan 27, 2025

    As I see how search engines are incorporating LLMs, it makes me all the more eager to see their capabilities cross into the physical world.

    I’d love to be able to walk into a room and just tap a wall to trigger full-room illumination through an agentic interaction.

    Courtesy British Library (1488.c.28)

    And just imagine having a more complex agent, like if I slide my finger vertically, then the movement could be semantically translated into the amount of illumination I’m in the mood for. Plus, in the real world you have axes and dimensions, so it’d be possible to apply any of this learning to accommodate horizontal human-digital expressions.

    Training is probably straightforward, to the point where I could leave lights on the entire time. In fact, I’ll probably have to so I can train a model to know the difference between a tap that means I want illumination and a tap that means I want to temporarily halt a photon-generating device. This is actually advantageous since by default I anticipate I’ll want to be able to see. So this approach will be more resilient to darkness and when the LLM worries I might hallucinate and see things in the dark.

    Currently budgeting the cloud computing resources I’ll need to back a Raspberry Pi for a mockup. Confident I can get a Localized Lighting Model done fairly quickly.

  • The ASW December 2024 Recap Jan 5, 2025

    We ended the year in the chill of December,

    Hoping that appsec wouldn’t dim to an ember.

    That instead it would burn brightly and begin to enshrine,

    That good security comes by default and design.

    That the page count of hardening guides will start dwindling,

    And that all those top ten lists are used for just kindling.

    Observability (ep. 309)

    We once again turned our focus on developers, with Adriana Villela explaining why observability is more than a bunch of printfs and how generating useful logs helps security teams. She also noted that information overload can be expensive – both in delivering value and in the cost of storing data. We used OpenTelemetry as the reference for creating observability across different services and languages.

    2024 Recap (ep. 310)

    We reserved our second-to-last segment for a lookback on 2024. There was a mix of OWASP projects that gained momentum or stalled out. GenAI and LLMs remained among the usual suspects, although in 2025 we’ll be shifting more focus to where they actually provide appsec value rather than just revisiting more prompt injection techniques. They’re becoming the new XSS payload trivia.

    Identity, Usability, Transparency (ep. 311)

    Finally, Hannah Sutor helped us end the year on a high note, singing the praises of usability and transparency in security. She shared her experience in changing product defaults to be more secure, the challenges in communicating changes, and the importance of understanding why different users have different needs.

    At the end of the episode, I also returned to asking our guests to describe appsec in three words. Stay tuned for more discussions on designs, defaults, and maybe even some Dungeons & Dragons in 2025!

  • The ASW November 2024 Recap Dec 6, 2024

    November’s ASW turned into Adrian Sanabria Weekly!

    Episode 306

    The month kicked off with Grant McCracken discussing bug bounties and a modern approach to pentesting. While I would still love to see the costs of fixing flaws, seeing the costs of security flaws quantified through bounties is always eye-opening. Plus, it’s always good to see other approaches to security testing that carry a more predictable budget. Now if only those bugs didn’t make it to production in the first place…

    Episode 307

    Melinda Marks returned to the show to talk about what modern appsec practices look like and why appsec needs to catch up to how modern apps are created. Unsurprisingly, “cloud native” comes up in the conversation, but there are important nods to orgs stuck with figuring out how to keep their legacy apps alive.

    This also had a fun news segment with John Kinsella that covered everything from a very-minimum-max-critical bug to infotainment vulns to demastering pop punk like it was meant to be. (Special shout out to Adrian for keeping a music-related theme going for the show.)

    Episode 308

    The month wrapped up with the biometric frontiers of security, resiliency, and privacy. Adrian spoke with Andras Cser and Enza Iannopollo on the benefits of biometrics and steps to keeping them secure.

    This episode also had a news segment with a ton of articles that I would have had strong reactions to, from LLMs doing everything! (lol, no) to safer C++ (positive performance, but pessimistic prospects for the language overall).

  • AI & LLMs – An ASW Topic Recap Nov 14, 2024

    LLMs and generative AI were unavoidable appsec topics this year. Here’s a recap of some relevant articles and associated interviews.


    Background

    • What Is ChatGPT Doing...and Why Does It Work? — Stephen Wolfram Writings
    • What is AI? - MIT Technology Review
    • Everyone Is Judging AI by These Tests. But Experts Say They’re Close to Meaningless – The Markup

    Prompt injection & manipulating models

    • ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs – it was fun to see ASCII art appear as an attack vector
    • HiddenLayer Research - Prompt Injection Attacks on LLMs – towards a shared language for describing attack techniques and failure modes
    • Challenges in Red Teaming AI Systems - Anthropic
    • Exploring Large Language Models: Local LLM CTF & Lab - Bishop Fox – have fun with a CTF
    • Prompt Airlines – more fun from Wiz

    Finding flaws & augmenting appsec

    • GitHub - google/oss-fuzz-gen – leveraging LLMs to guide fuzzers. This is probably one of the most appealing and impactful uses I’ve seen
    • No, LLM Agents Cannot Autonomously "Hack" Websites – a practitioner’s observations on recent research, plus this follow-up article
    • Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models – promises of potential, but remains quite basic
    • Using AI for Offensive Security - CSA – rather high level and has more optimism about models actually reasoning (rather than just being really sophisticated non-deterministic pattern matchers)
    • DARPA awards $14 million to semifinal winners of AI code review competition
    • Deconstructing the AI Cyber Challenge (AIxCC)

    AI & Hype & Security (Oh My!) (ep. 284)

    In segment 1, Caleb Sima demystified some of the hype around AI and pointed out how a lot of its security needs match the mundane maintenance of building software. We didn’t get into defining all the different types of AIs, but we did identify the need for more focus on identity and authenticity in a world where LLMs craft user-like content.

    AI & Hype & Security (Oh My!) (ep. 284)

    In segment 2, Keith Hoodlet stopped by to talk about his first-place finish in the DoD’s inaugural AI Bias bug bounty program. He showed how manipulating prompts leads to unintentional and undesired outcomes. Keith also explained how he needed to start fresh in terms of techniques since there are no deep resources on how to conduct these kinds of tests.

    Be sure to check these out for my variants on the “walks into a bar” joke.

    OWASP Top 10 for LLMs (ep. 285)

    The AI conversations continued with Sandy Dunn, who shared how the OWASP Top 10 for LLMs came about and how it continues to evolve. We talked about why this Top 10 has a mix of items specific to LLMs and items that are indistinguishable from securing any other type of software. It reinforced a lot of the ideas that we had talked about with Caleb the week before.

    AI & Auto-Fixing Code (ep. 291)

    Stuart McClure walked through the implications of trusting AI and LLMs to find flaws and fix code. The fixing part is compelling – as long as that fix preserves the app’s intended behavior. He explained how LLMs combined with agents and RAG have the potential to assist developers in writing secure code.

    A Realist Approach to Generative AI & Appsec (ep. 292)

    Allie Mellen pointed out where elements of LLMs might help with reporting and summarizing knowledge, but also where they fall short of basic security practices. LLMs won’t magically create an asset inventory, nor will they have context about your environment or your approach to risk. She also noted where AI has been present for years already – we just call it machine learning as applied to things like fraud detection and behavioral analysis.

  • The ASW October 2024 Recap Nov 1, 2024

    October was the month when tales of terror became timely and the days took a fearful turn towards Halloween.

    I love Halloween and horror movies. A favorite recent series is "The Edge of Sleep" (which originated as a podcast). The found footage genre is near and dear to my heart, so I also have to recommend "Deadstream" as another recent-ish favorite.

    Zed Attack Proxy (ep. 302)

    We started a new month with an old friend. Simon Bennetts returned, along with Ori Bendet, to talk about ZAP’s new collaboration with Checkmarx.

    We first talked about building ZAP and its community with Simon over a year ago in episode 254. Then he and Mark Curphey stopped by in April to talk about finding sustainable funding for the project. It’s great to see ZAP now have long-term support and, as Simon explained, how that support will create new opportunities for ZAP to expand its features.

    Appsec Fear in Three Words (ep. 303)

    Then Kalyani Pawar joined as a new co-host! We celebrated episode 303 by having the three of us talk about striking appsec fear in three words – like, "written in Perl" or "cybersecurity awareness month"...

    There was plenty of news to cover, from how many vulns legacy code can hold to how many parsers you can pack into a package. As always, John Kinsella added his insights on secure defaults, isolating resources, and wrangling repos.

    Cloud Security (ep. 304)

    Scott Piper shared some advice on how to ratchet up security within an org's environment, why securing clouds (and creating those guardrails) remains complex, and some tips on tracking down shadow clouds.

    Creating guardrails within clouds has become a favored appsec design pattern that increases security without sacrificing development – when they're done well.

    Despite all those clouds, he shed lots of light on strategies for enacting change that makes secure defaults better for everyone!

    A Scary Season of Appsec News (ep. 305)

    Adrian Sanabria stopped by for our almost-Halloween episode.

    The two of us talked about some appsec lessons inspired from the slow transition to IPv6, fun hardware hacking stories, and my hypothesis that on a CPU-cycle-per-CPU-cycle basis fuzzing will outshine LLMs for finding flaws.

    It was also nice for Adrian to stop by since I’ll be out for a few episodes in November and he’ll be stepping in.

    We won't have to change a thing. Just think of ASW as Adrian Sanabria Weekly...


Cybersecurity and more | © Mike Shema