When code is no longer written solely by humans, the way we think about application security has to change. In a recent episode of the Security Strategist podcast, host Richard Stiennon sits down with Gadi Bashvitz, CEO of Bright Security, to talk about the challenges and opportunities of securing applications in an AI-driven world. Their conversation reveals a reality many organisations are only beginning to face: vulnerabilities are multiplying faster than ever, and traditional security tools aren’t keeping up.

Rethinking Application Security for a New Reality

Since 2018, Bright Security has been helping organisations secure their applications and APIs. Gadi Bashvitz shares that the company’s journey has always been about anticipating challenges before they become crises. 

“And that’s what we did from 2019 to 2024—signed up some of the world’s largest financial institutions and insurance companies, so very proud of that customer base,” he explains.

But in 2024, everything changed. Customers started raising concerns about AI-assisted coding. Bashvitz recalls:

“Some of those customers came to us and said, ‘Houston, we’ve got a problem. We’re starting to adopt AI-assisted coding.’ We’ve gone from a world where a developer generates 100 per cent of code and 100 per cent of vulnerabilities, to one where that developer is now generating 200 per cent of code and 600 per cent of vulnerabilities. That AI-generated code is three times more prone to vulnerabilities.”

This shift exposes a fundamental truth: AI is reshaping software development, but not always in ways organisations are ready to manage. What was once a controlled DevOps process is now a rapid, high-volume environment where oversight can easily slip.

The Hidden Risks of AI-Generated Code

The impact is real and immediate. Marketing teams, product managers, and developers alike are generating code faster than ever, but without the traditional checks and balances. Bashvitz highlights that AI models are trained on open-source code, often without security in mind. This means vulnerabilities multiply at a rate that can overwhelm static tools or conventional security processes.

Organisations are feeling the pressure daily, realising that if they don’t adapt, AI-generated vulnerabilities could outpace their ability to detect and mitigate risks.

Embedding Security Into Every Step of Development

So how can enterprises regain control? Bashvitz is clear: it’s not too late, but action must be deliberate.

“At some point, there will be a few very, very significant hacks that will take us back,” he warns. “The key is to embed dynamic security measures directly into the development lifecycle. That’s how you catch vulnerabilities, even when code is being generated at an unprecedented scale.”

Dynamic Application Security Testing (DAST) is one approach Bright Security has championed. Unlike traditional static tools, dynamic testing integrates into code repositories and runs throughout the development pipeline, from unit tests to production deployment. This approach doesn’t just mitigate risk—it empowers teams to continue innovating without being paralysed by fear of vulnerabilities. The goal is to create a balance where AI-driven productivity and robust security coexist.

For more information, visit https://brightsec.com

Takeaways

  • Bright Security was founded to address application and API security gaps.
  • AI-driven code generation has significantly increased the number of vulnerabilities.
  • Dynamic application security testing (DAST) is essential for modern development practices.
  • Static analysis tools often produce high rates of false positives, wasting developer time.
  • Organisations must adapt security practices to include both finding and fixing vulnerabilities.
  • The integration of AI in security tools can streamline vulnerability management.
  • Dynamic validation of static scan results can reduce noise in security findings.
  • CISOs must collaborate with DevOps teams to ensure security is integrated into development.
  • The rise of AI has introduced new types of vulnerabilities that need to be addressed.
  • Security practices must evolve to keep pace with rapid technological changes.

Chapters

00:00 The Evolution of Application Security

03:41 AI's Impact on Code Generation

09:39 Challenges of Traditional Security Tools

16:31 Integrating AI in Security Solutions

21:20 Future of Security in AI-Driven Development