As more developers turn to LLMs to generate code, more appsec teams are turning to LLMs to conduct security code reviews. One of the biggest themes in all the discussion around LLMs, agents, and code is speed -- more code created faster. James Wickett shares why speed continues to pose a challenge to appsec teams and why that's often because teams haven't invested enough in foundational appsec principles.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-372

Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that's more secure and more privacy protecting. Runa Sandvik shares her experience working with journalists and targeted groups to craft plans for how they use their devices and manage their information. And she also makes the point that the burden of security should not be just for users -- platforms and software providers should be evaluating secure defaults and secure designs that improve protections for everyone.

Resources

• https://techcrunch.com/2025/03/13/apples-lockdown-mode-is-good-for-security-but-its-notifications-are-baffling/
• https://www.glitchcat.xyz/p/lessons-learned-from-the-2021-arrest
• https://gijn.org/resource/introduction-investigative-journalism-digital-security/
• https://cpj.org/

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-371

A major premise of appsec is figuring out effective ways to answer the question, "What security flaws are in this code?" The nature of the question doesn't really change depending on who or what wrote the code. In other words, LLMs writing code really just means there's mode code to secure. So, what about using LLMs to find security flaws? Just how effective and efficient are they?

We talk with Adrian Sanabria and John Kinsella about the latest appsec articles that show a range of results from finding memory corruption bugs in open source software to spending an inordinate amount of manual effort validating persuasive, but ultimately incorrect, security findings from an LLM.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-370