When code is no longer written solely by humans, the way we think about application security has to change. In a recent episode of the Security Strategist podcast, host Richard Stiennon sits down with Gadi Bashvitz, CEO of Bright Security, to talk about the challenges and opportunities of securing applications in an AI-driven world. Their conversation reveals a reality many organisations are only beginning to face, and that is vulnerabilities are multiplying faster than ever, and traditional security tools aren’t keeping up. Rethinking Application Security for a New Reality Since 2018, Bright Security has been helping organisations secure their applications and APIs. Gadi Bashvitz shares that the company’s journey has always been about anticipating challenges before they become crises. “And that’s what we did from 2019 to 2024—signed up some of the world’s largest financial institutions and insurance companies, so very proud of that customer base,” he explains. But in 2024, everything changed. Customers started raising concerns about AI-assisted coding. Bashvitz recalls: “Some of those customers came to us and said, ‘Houston, we’ve got a problem. We’re starting to adopt AI-assisted coding.’ We’ve gone from a world where a developer generates 100 per cent of code and 100 per cent of vulnerabilities, to one where that developer is now generating 200 per cent of code and 600 per cent of vulnerabilities. That AI-generated code is three times more prone to vulnerabilities.” This shift exposes a fundamental truth, and that is that AI is reshaping software development, but not always in ways organisations are ready to manage. What was once a controlled DevOps process is now a rapid, high-volume environment where oversight can easily slip. The Hidden Risks of AI-Generated Code The impact is real and immediate. Marketing teams, product managers, and developers alike are generating code faster than ever, but without the traditional checks and balances. Bashvitz highlights that AI models are trained on open-source code, often without security in mind. This means vulnerabilities multiply at a rate that can overwhelm static tools or conventional security processes. Organisations are feeling the pressure daily, realising that if they don’t adapt, AI-generated vulnerabilities could outpace their ability to detect and mitigate risks. Embedding Security Into Every Step of Development So how can enterprises regain control? Bashvitz is clear: it’s not too late, but action must be deliberate. “At some point, there will be a few very, very significant hacks that will take us back,” he warns. “The key is to embed dynamic security measures directly into the development lifecycle. That’s how you catch vulnerabilities, even when code is being generated at an unprecedented scale.” Dynamic Application Security Testing (DAST) is one approach Bright Security has championed. Unlike traditional static tools, dynamic testing integrates into code repositories and runs throughout the development pipeline, from unit tests to production deployment. This approach doesn’t just mitigate risk—it empowers teams to continue innovating without being paralysed by fear of vulnerabilities. The goal is to create a balance where AI-driven productivity and robust security coexist. For more information, visit https://brightsec.com Takeaways - Bright Security was founded to address application and API security gaps. - AI-driven code generation has significantly increased the number of vulnerabilities. - Dynamic application security testing (DAST) is essential for modern development practices. - Static analysis tools often produce high rates of false positives, wasting developer time. - Organisations must adapt security practices to include both finding and fixing vulnerabilities. - The integration of AI in security tools can streamline vulnerability management. - Dynamic validation of static scan results can reduce noise in security findings. - CISOs must collaborate with DevOps teams to ensure security is integrated into development. - The rise of AI has introduced new types of vulnerabilities that need to be addressed. - Security practices must evolve to keep pace with rapid technological changes. Chapters 00:00 The Evolution of Application Security 03:41 AI's Impact on Code Generation 09:39 Challenges of Traditional Security Tools 16:31 Integrating AI in Security Solutions 21:20 Future of Security in AI-Driven Development #AIDrivenDevelopment #ApplicationSecurity #Cybersecurity #DynamicSecurityTesting #DAST #DevSecOps #SoftwareVulnerabilities #AIInSoftware #SecureCoding #enterprisesecurity

Can Your Observability Stack Handle 24/7 Agentic Query Volume?
21 views

Agentic AI is changing Cybersecurity in 2026
22 views

Coding Agents are an identity problem in 2026
20 views

Claude Mythos and the future of cybersecurity
29 views

AI Hype vs Reality: What Security Leaders Are Getting Wrong
23 views

Why Most Enterprise AI Investments Fail to Deliver ROI
25 views