David Spark
Podcast Appearances
Quote, why pay a vendor $300,000 for a software composition analysis tool when you can build a tailored version during your lunch break?
End quote.
Ross Young, who is with the CISO Tradecraft, laid out the transformational potential.
We've moved from SaaS to service as software, and LLMs have turned plain English into functional code.
Every business analyst is now potentially a Gulp developer.
So if anyone can vibe code a security tool, how does code review even begin, Andy?
And if we built it by describing intent in plain English, can we secure it the same way?
Can we?
I like that.
All right.
Can security solutions be vibe coded, Danny?
But then also, let me just push back a little bit.
Can't you use AI, say, where are the, because this is something that I've used AI, but not in security, is where are the areas that I need to be thinking about to secure this piece of software that I haven't considered?
And can't the AI start to answer questions like that?
Andy, when we did the recording during BSides, this came up and I asked both Mike Johnson, who's the CISO of Rivian, and Sarah Madden, who's the CISO of Convera, "Are you dropping solutions by creating an AI solution of your own?"
And they said, yes.
Are you seeing this pattern happening?
No, I haven't.
No, but they did say that they were kicking some.
And it may be like what you described earlier.