Check out the show notes for links to the articles we covered.

Like Standard AppSec News, But With AI

Hello Packages, Parsers, and Programs,

I feel like my joke that secure agentic coding should just have to rely on a simple clause, “But make it secure” has come back to haunt me.

In March we had more supply chain scares, but with AI.

More CI/CD mistakes, but with AI.

More vulns identified, but with AI.

And more LinkedIn posts with shallow business platitudes, but with AI.

As my intro indicates, this week was heavy with AI-related news. But the way I curated the articles was to walk through common security issues (that happened to be associated with LLMs) to security issues found by LLM-based agents to secure design principles for software, regardless of how humans used LLMs as part of the development process.

Check out this post for more details on Cloudflare's EmDash project and why I loved it as an example of the future of appsec.