Generative AI tools such as GitHub Copilot and ChatGPT seem to hold promise for developers looking to write code more efficiently and find quick answers to programming questions. But especially in these early days, carefree reliance on such tools can introduce a range of issues related to software functionality, licensing, and security. Superficially valid suggestions can result in vulnerable code that increases risk and requires additional remediation work down the line. And that’s even before considering the potential for abuse if such tools are used irresponsibly or with malicious intent.
To systematically catch vulnerabilities that AI-generated application code can introduce, your AppSec teams can use techniques like dynamic application security testing (DAST) and software composition analysis (SCA), running automatic checks in the development pipeline.
The webcast featuring Invicti will examine how DAST and other methods of application security testing and analysis can help to mitigate the security risks associated with AI-generated code. It will also warn viewers of other potential AI dangers that developers should look out for, including:
Importing AI-suggested libraries that don’t exist (but can be spoofed by malicious actors)
Privacy concerns surrounding AI engine queries
Superficially correct code that introduces business logic vulnerabilities
Possible code licensing violations.
Frank Catucci
CTO and Head of Security Research
Invicti
Frank Catucci is a global application security technical leader with over 20 years of experience, designing scalable application security specific architecture, partnering with cross-functional engineering and product teams. Frank is a past OWASP Chapter President and contributor to the OWASP bug bounty initiative and most recently was the Head of Application & Product Security at Data Robot. Prior to that role, Frank was the Sr. Director of Application Security & DevSecOps and Security Researcher at Gartner, and was also the Director of Application Security for Qualys. Outside of work and hacking things, Frank and his wife maintain a family farm. He is an avid outdoors fan and loves all types of fishing, boating, watersports, hiking, camping and especially dirt bikes and motorcycles.
Bradley Barth
Director of Community Content
CyberRisk Alliance
As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.