An Enigma machine, used for enciphering messages during World War II

Photo by Christian Lendl on Unsplash

The halting problem is a famous example of a decision problem in computing.

It asserts that, given a piece of software, it’s impossible to know if appsec will ever stop making checklists about it.

Keeping Up With the OWASP GenAI Project (ep. 381)

Speed is the most common theme among developers and appsec teams working with LLMs and agents: keeping up with patterns for deploying agents, dealing with more code at a faster pace, and understanding how the latest models affect code quality and security. The OWASP GenAI Project is helping organizations keep up with these changes and engaging the appsec community in sharing effective ways to keep systems secure. Scott Clinton shares the latest progress on the project, its roadmap for the year, and how appsec practitioners can shape its future.

Why Basic Security Practices Still Work (ep. 382)

If you have to ditch your entire appsec strategy because you expect 2026 to bring more vulns more quickly, then you probably didn’t have a good strategy in the first place. Rob Allen shares how the mentality of “assume breach” doesn’t have to be a defeatist attitude and can instead be a way to change a catastrophic breach into a more contained one. We also talk about proactive security and what an “avoid breach” attitude could look like, including how to apply the macro lessons of default deny and network isolation to writing secure code.

This was a sponsored interview.

The State of AI & AppSec (ep. 383)

This year has seen a growing gap between long-established secure design fundamentals and the burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the problems of misalignment, the potential development doom that looms behind a volume of vulns, and what modern code creation looks like. Along the way we touch on the economics of tokens and the principles behind secure software. Keith gave a preview of his upcoming presentation (May 22nd) on these topics.

AppSec Conversations on Agents, LLMs, and OWASP from RSAC (ep. 384)

We showcase recordings from this year's RSAC Conference.

Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project’s latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in genAI data security, the rise of agent-assisted development, and the immense growth of the OWASP community and sponsor ecosystem. Looking ahead, he outlines the most urgent risks and priorities shaping AI and agentic security in 2026.

Then Merritt Maxim discusses how AI is affecting Identity and Access Management. Expect to hear this topic a lot throughout 2026, especially as the industry tries to figure out what’s different or special about securing agent identities.

We close with a chat with Janet Worthington about the impact of agents on the SDLC and how orgs are updating their controls to deal with code generated by humans and LLMs alike.

Subscribe to catch these episodes and more! Then go check out the previous recap.