Tanya Janca on AI Slop, Vibe Coding, & the Future of AppSec (redmonk.com)

🤖 AI Summary
Tanya Janca, a Secure Coding and AI Trainer at SheHacksPurple, discussed the transformative yet precarious impact of AI on application security in a recent conversation with Kate Holterhoff. Janca likened the current state of software development to "driving a car at three times the speed limit after 25 beers": many developers rely heavily on AI-generated code without the training needed to review it for security flaws. The result is rapid code releases that often lack adequate security measures, since the AI models were trained on subpar examples from the internet and so perpetuate the notion that security is non-essential.

The conversation touched on several pressing issues, including the pitfalls of using existing application security tools with AI, the potential collapse of the bug bounty economy, and the challenges of supply chain security. Janca emphasized the shortcomings of relying on AI for security without sufficient contextual understanding, coining the term "context collapse" for AI's difficulty in retaining the background knowledge an experienced developer would possess. She also introduced a free AI secure coding prompt library aimed at helping developers write more secure code, demonstrating her commitment to improving the security landscape while embracing new technologies.