Liran Tal
Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools
#1 (about 5 minutes)
How simple code can hide critical vulnerabilities
A real-world NoSQL injection vulnerability in the popular Rocket.Chat project demonstrates how easily security flaws are overlooked in everyday development.
#2 (about 3 minutes)
The evolution of how developers source their code
Developer workflows have shifted from copying code from Stack Overflow to using npm packages and now to relying on AI-generated code from tools like ChatGPT.
#3 (about 3 minutes)
Understanding the fundamental security risks in AI models
AI models introduce unique security challenges, including data poisoning, a lack of explainability, and vulnerability to malicious user inputs.
#4 (about 2 minutes)
When commercial chatbots are misused for coding tasks
Examples from Amazon and Expedia show how publicly exposed LLM-powered chatbots can be prompted to perform tasks far outside their intended scope, like writing code.
#5 (about 8 minutes)
How AI code generators create common security flaws
AI tools like ChatGPT can generate functional but insecure code, introducing common vulnerabilities such as path traversal and command injection that developers might miss.
#6 (about 3 minutes)
AI suggestions can create software supply chain risks
LLMs may hallucinate non-existent packages or recommend outdated libraries, creating opportunities for attackers to publish malicious packages and initiate supply chain attacks.
#7 (about 8 minutes)
Context-blind vulnerabilities from IDE coding assistants
AI coding assistants can generate correct-looking but contextually insecure code, such as using the wrong sanitization method for HTML attributes, leading to XSS vulnerabilities.
#8 (about 1 minute)
How AI assistants amplify insecure coding patterns
AI coding tools learn from the existing project codebase, meaning they will replicate and amplify any insecure patterns or bad practices already present.
#9 (about 1 minute)
Mitigating AI risks with security tools and awareness
To counter AI-generated vulnerabilities, developers should use resources like the OWASP Top 10 for LLMs and integrate security scanning tools directly into their IDE.