Harnessing AI and proactive measures for effective management of vulnerability alerts
Recently I had the privilege of hosting a webinar where our very own CTO Matias Madou and with Mednd.io’s Sharon Kochevsky addressing Taking charge of vulnerability alerts. During the session they explored both the challenges and the solutions in handling security vulnerability alerts. In case you missed the webinar, here are a few key takeaways from their conversation. Of course, the webinar is also now on-demand here to get the full details.
Impact of AI on security
Matias incorporated the analogy of self-driving cars to explain the current state of AI creating secure software. While self-driving cars can technically drive themselves they still face problems while on the road. For instance, he referenced one situation where self-driving cars encountered a problem on the road never encountered before and would ghost break as a result. Problems will come, and it’s the human technicians that need to resolve. Similarly, if developers blindly follow AI, errors in code and vulnerabilities could come into play.
For AI to produce better output, Matias stressed the need for regularity and numerous good code examples to train developers on the AI models. While AI presently works well on generic frameworks, it falls short with real-world applications that operate on millions of code lines.
He further explained that seasoned developers could reap the benefits of generative AI for accelerated coding, but those not trained might pose a threat as they could reproduce and paste faulty codes at rapid pace.
Shifting towards proactiveness
One topic that led the discussion was the shift towards proactive actions. Rather than keeping tabs on security issues, Sharon Kochevsky advocates for enterprises and AppSec programs to take a more proactive approach with actual code fixes versus a reactive approach focused on security reporting. In line with Matias, he underscores the need to surpass purely administrative practices and focus on consequential outcomes. The panel also discussed primary areas of creating reports along with utilizing security products incorporated with real-time dashboards and issue tracking.
Bridging the gap
Sharon and Matias also identified a crucial problem that should get addressed: the disconnection between developers and security managers. Organizations and enterprises are now adding security champions to help bridge the gap. These are security pros located within the engineering team, and help promote proactive security measures.
Needless to say, we just scratched the surface on this topic and the conversation extends beyond these webinars; continuous discussion and engagement are crucial in our ever-evolving industry. If you would like to learn more or replay the session, it is now available on-demand.
Secure Code Warrior and Mend.io discuss impacts of AI on security, proactive security approaches, and effective management of vulnerability alerts.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoJason is the Vice President of Corporate Marketing at Secure Code Warrior.
Recently I had the privilege of hosting a webinar where our very own CTO Matias Madou and with Mednd.io’s Sharon Kochevsky addressing Taking charge of vulnerability alerts. During the session they explored both the challenges and the solutions in handling security vulnerability alerts. In case you missed the webinar, here are a few key takeaways from their conversation. Of course, the webinar is also now on-demand here to get the full details.
Impact of AI on security
Matias incorporated the analogy of self-driving cars to explain the current state of AI creating secure software. While self-driving cars can technically drive themselves they still face problems while on the road. For instance, he referenced one situation where self-driving cars encountered a problem on the road never encountered before and would ghost break as a result. Problems will come, and it’s the human technicians that need to resolve. Similarly, if developers blindly follow AI, errors in code and vulnerabilities could come into play.
For AI to produce better output, Matias stressed the need for regularity and numerous good code examples to train developers on the AI models. While AI presently works well on generic frameworks, it falls short with real-world applications that operate on millions of code lines.
He further explained that seasoned developers could reap the benefits of generative AI for accelerated coding, but those not trained might pose a threat as they could reproduce and paste faulty codes at rapid pace.
Shifting towards proactiveness
One topic that led the discussion was the shift towards proactive actions. Rather than keeping tabs on security issues, Sharon Kochevsky advocates for enterprises and AppSec programs to take a more proactive approach with actual code fixes versus a reactive approach focused on security reporting. In line with Matias, he underscores the need to surpass purely administrative practices and focus on consequential outcomes. The panel also discussed primary areas of creating reports along with utilizing security products incorporated with real-time dashboards and issue tracking.
Bridging the gap
Sharon and Matias also identified a crucial problem that should get addressed: the disconnection between developers and security managers. Organizations and enterprises are now adding security champions to help bridge the gap. These are security pros located within the engineering team, and help promote proactive security measures.
Needless to say, we just scratched the surface on this topic and the conversation extends beyond these webinars; continuous discussion and engagement are crucial in our ever-evolving industry. If you would like to learn more or replay the session, it is now available on-demand.
Recently I had the privilege of hosting a webinar where our very own CTO Matias Madou and with Mednd.io’s Sharon Kochevsky addressing Taking charge of vulnerability alerts. During the session they explored both the challenges and the solutions in handling security vulnerability alerts. In case you missed the webinar, here are a few key takeaways from their conversation. Of course, the webinar is also now on-demand here to get the full details.
Impact of AI on security
Matias incorporated the analogy of self-driving cars to explain the current state of AI creating secure software. While self-driving cars can technically drive themselves they still face problems while on the road. For instance, he referenced one situation where self-driving cars encountered a problem on the road never encountered before and would ghost break as a result. Problems will come, and it’s the human technicians that need to resolve. Similarly, if developers blindly follow AI, errors in code and vulnerabilities could come into play.
For AI to produce better output, Matias stressed the need for regularity and numerous good code examples to train developers on the AI models. While AI presently works well on generic frameworks, it falls short with real-world applications that operate on millions of code lines.
He further explained that seasoned developers could reap the benefits of generative AI for accelerated coding, but those not trained might pose a threat as they could reproduce and paste faulty codes at rapid pace.
Shifting towards proactiveness
One topic that led the discussion was the shift towards proactive actions. Rather than keeping tabs on security issues, Sharon Kochevsky advocates for enterprises and AppSec programs to take a more proactive approach with actual code fixes versus a reactive approach focused on security reporting. In line with Matias, he underscores the need to surpass purely administrative practices and focus on consequential outcomes. The panel also discussed primary areas of creating reports along with utilizing security products incorporated with real-time dashboards and issue tracking.
Bridging the gap
Sharon and Matias also identified a crucial problem that should get addressed: the disconnection between developers and security managers. Organizations and enterprises are now adding security champions to help bridge the gap. These are security pros located within the engineering team, and help promote proactive security measures.
Needless to say, we just scratched the surface on this topic and the conversation extends beyond these webinars; continuous discussion and engagement are crucial in our ever-evolving industry. If you would like to learn more or replay the session, it is now available on-demand.
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demoJason is the Vice President of Corporate Marketing at Secure Code Warrior.
Recently I had the privilege of hosting a webinar where our very own CTO Matias Madou and with Mednd.io’s Sharon Kochevsky addressing Taking charge of vulnerability alerts. During the session they explored both the challenges and the solutions in handling security vulnerability alerts. In case you missed the webinar, here are a few key takeaways from their conversation. Of course, the webinar is also now on-demand here to get the full details.
Impact of AI on security
Matias incorporated the analogy of self-driving cars to explain the current state of AI creating secure software. While self-driving cars can technically drive themselves they still face problems while on the road. For instance, he referenced one situation where self-driving cars encountered a problem on the road never encountered before and would ghost break as a result. Problems will come, and it’s the human technicians that need to resolve. Similarly, if developers blindly follow AI, errors in code and vulnerabilities could come into play.
For AI to produce better output, Matias stressed the need for regularity and numerous good code examples to train developers on the AI models. While AI presently works well on generic frameworks, it falls short with real-world applications that operate on millions of code lines.
He further explained that seasoned developers could reap the benefits of generative AI for accelerated coding, but those not trained might pose a threat as they could reproduce and paste faulty codes at rapid pace.
Shifting towards proactiveness
One topic that led the discussion was the shift towards proactive actions. Rather than keeping tabs on security issues, Sharon Kochevsky advocates for enterprises and AppSec programs to take a more proactive approach with actual code fixes versus a reactive approach focused on security reporting. In line with Matias, he underscores the need to surpass purely administrative practices and focus on consequential outcomes. The panel also discussed primary areas of creating reports along with utilizing security products incorporated with real-time dashboards and issue tracking.
Bridging the gap
Sharon and Matias also identified a crucial problem that should get addressed: the disconnection between developers and security managers. Organizations and enterprises are now adding security champions to help bridge the gap. These are security pros located within the engineering team, and help promote proactive security measures.
Needless to say, we just scratched the surface on this topic and the conversation extends beyond these webinars; continuous discussion and engagement are crucial in our ever-evolving industry. If you would like to learn more or replay the session, it is now available on-demand.
Table of contents
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Resources to get you started
10 Key Predictions: Secure Code Warrior on AI & Secure-by-Design’s Influence in 2025
Organizations are facing tough decisions on AI usage to support long-term productivity, sustainability, and security ROI. It’s become clear to us over the last few years that AI will never fully replace the role of the developer. From AI + developer partnerships to the increasing pressures (and confusion) around Secure-by-Design expectations, let’s take a closer look at what we can expect over the next year.
OWASP Top 10 For LLM Applications: What’s New, Changed, and How to Stay Secure
Stay ahead in securing LLM applications with the latest OWASP Top 10 updates. Discover what's new, what’s changed, and how Secure Code Warrior equips you with up-to-date learning resources to mitigate risks in Generative AI.
Trust Score Reveals the Value of Secure-by-Design Upskilling Initiatives
Our research has shown that secure code training works. Trust Score, using an algorithm drawing on more than 20 million learning data points from work by more than 250,000 learners at over 600 organizations, reveals its effectiveness in driving down vulnerabilities and how to make the initiative even more effective.
Reactive Versus Preventive Security: Prevention Is a Better Cure
The idea of bringing preventive security to legacy code and systems at the same time as newer applications can seem daunting, but a Secure-by-Design approach, enforced by upskilling developers, can apply security best practices to those systems. It’s the best chance many organizations have of improving their security postures.