Liran Tal
Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools
#1 (about 5 minutes)
How simple code can hide critical vulnerabilities
A real-world NoSQL injection vulnerability in the popular Rocket.Chat project demonstrates how easily security flaws are overlooked in everyday development.
#2 (about 3 minutes)
The evolution of how developers source their code
Developer workflows have shifted from copying code from Stack Overflow to using npm packages and now to relying on AI-generated code from tools like ChatGPT.
#3 (about 3 minutes)
Understanding the fundamental security risks in AI models
AI models introduce unique security challenges, including data poisoning, a lack of explainability, and vulnerability to malicious user inputs.
#4 (about 2 minutes)
When commercial chatbots are misused for coding tasks
Examples from Amazon and Expedia show how publicly exposed LLM-powered chatbots can be prompted to perform tasks far outside their intended scope, like writing code.
#5 (about 8 minutes)
How AI code generators create common security flaws
AI tools like ChatGPT can generate functional but insecure code, introducing common vulnerabilities such as path traversal and command injection that developers might miss.
#6 (about 3 minutes)
AI suggestions can create software supply chain risks
LLMs may hallucinate non-existent packages or recommend outdated libraries, creating opportunities for attackers to publish malicious packages and initiate supply chain attacks.
#7 (about 8 minutes)
Context-blind vulnerabilities from IDE coding assistants
AI coding assistants can generate correct-looking but contextually insecure code, such as using the wrong sanitization method for HTML attributes, leading to XSS vulnerabilities.
#8 (about 1 minute)
How AI assistants amplify insecure coding patterns
AI coding tools learn from the existing project codebase, meaning they will replicate and amplify any insecure patterns or bad practices already present.
#9 (about 1 minute)
Mitigating AI risks with security tools and awareness
To counter AI-generated vulnerabilities, developers should use resources like the OWASP Top 10 for LLMs and integrate security scanning tools directly into their IDE.