In this episode of Resilient Cyber I sit down with Anshuman Bhartiya to discuss AI-native AppSec.
Anshuman is a Staff Security Engineer at Lyft, host of The Boring AppSec Community podcast, and author of the AI Security Engineer newsletter on LinkedIn.
Anshuman has quickly become an AppSec leader I highly respect, and I find myself learning from his content and perspectives on AppSec and Security Engineering in the era of AI, LLMs and Agents.
Anshuman and I covered a lot of ground, including:
Anshuman’s work with “SecureVibes”, an AI-native security solution for vibe-coded applications that uses 5 different AI agents to autonomously find vulnerabilities in code bases.
The battle between Offense and Defense use of AI Agents and which offers the most near-term opportunity.
How Anshuman is using LLMs to find IDOR and authorization vulnerabilities, including business logic scenarios that traditional SAST tools miss, and what the future of AppSec tooling looks like when it is combined with AI.
The explosive growth of MCP and how it is a double-edged sword of opportunity and risk.
AI’s impact on the AppSec and Cyber workforce, where it can be a force multiplier on one hand but could also mean needing fewer people on the other.
Anshuman’s concept of “SecurityGPT”, or a Security Oracle that understands organizational policies, processes and context and is available to empower Developers, Engineers and Security.