I had the opportunity to join an incredible panel at SecTor (a Black Hat event) in Toronto alongside Chad Breslin, Brett Grady, and Ian Hassard. We dove into the world of Vibe Coding! What it is, the risks it introduces, and how to use AI to write safer, more secure code.
This video shares my key takeaways and perspective from the session. The full panel video will be available soon — stay tuned!
So what is “Vibe Coding”?
It’s when most of your code is being written by AI and you’re more of a collaborator than an author. The developer goes back and forth with the model to build a working app, but might not fully understand every piece of code. We unpacked what that means for security, trust, and responsibility in software development.
Shifting Security Left… with AI?
We talked about how to embed security earlier in an AI-included SDLC — even before code is generated. I shared how using MPC servers trained on secure code, plus following your organization’s secure coding guidelines, can help keep AI-generated code aligned with best practices.
Spotting “Shadow AI”
We also tackled the growing problem of Shadow AI (when devs quietly use unapproved models or tools). From IAM controls to static analysis tools (like Semgrep CE), we talked about ways to detect and prevent unvetted AI use.
The New Role of Developers
Developers aren’t just writing code anymore; they’re reviewing, debugging, and troubleshooting what AI generates. It’s changing so fast. We’re even seeing new job titles emerge, like ‘AI Debug Engineer‘, focused on making sure those AI-created pieces fit together correctly.
Secure Prompting & Standards
Good outputs start with good prompts! We discussed the importance of prompt engineering, building prompt libraries aligned to org policies, and the need for secure AI dev standards. This is something I’m actively working on right now as part of a Secure SDLC framework for AI (with privacy sprinkled in, of course!).
I had a blast on this panel, and can’t wait to share more in my SecTor talk tomorrow about secure coding guidelines (including my work toward having them adopted by the Canadian government)!
