Ori Bendet Shares Insights on AppSec and Managing AI Risks

In this episode of Cyber Sentries, John Richards is joined by Ori Bendet, VP of Product Management at Checkmarx, a leader in application security. They explore the critical role of application security in today's digital landscape and discuss strategies for managing the risks and opportunities presented by the rapid adoption of AI in software development.

Ori shares his journey into the cybersecurity industry and offers advice for those transitioning into the field. He emphasizes the importance of focusing on areas that are business-critical, such as application security, as more companies become software-driven. Ori also discusses the shift in application security from finding every vulnerability to prioritizing the most critical risks, given the accelerated pace of development and deployment.

Questions we answer in this episode:
• How can organizations effectively prioritize application security risks?
• What are the key challenges and opportunities presented by AI in software development?
• How should security teams adapt their practices to manage AI-generated code?

The conversation delves into the disruptive impact of AI on software development and the new types of risks it introduces, such as AI hallucination, data poisoning, and prompt injection. Ori stresses the importance of a layered approach to securing AI-generated code and the need for organizations to assess their specific use cases and risks before defining policies and tools.

Key Takeaways:
• Application security is critical as companies become increasingly software-driven.
• Focus on prioritizing the most critical risks rather than trying to find every vulnerability.
• Adopt a layered approach to securing AI-generated code and keep the human in the loop.

This episode offers valuable insights for anyone looking to understand the evolving landscape of application security and the impact of AI on software development. Ori's expertise and practical advice make this a must-listen for security professionals, developers, and business leaders alike.

Links & Notes

• Check out Checkmarx
• The Stanford Research on Secure Code Generated by GenAI Solutions
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:00) - Welcome to Cyber Sentries
• (00:56) - Meet Ori Bendet
• (02:31) - Advice When Thrust Into Cyber Security
• (04:34) - Application Security
• (07:37) - Opportunities for Growth
• (09:58) - Shift to Business Risk
• (12:28) - Making Assessment
• (16:08) - Core Cybersecurity Principals
• (20:31) - Restrictions Needed?
• (23:17) - Using AI in Checkmarx
• (27:57) - Give Them What Matters Most
• (29:40) - Wrap Up