Episode 4 - the Role of AI in Application Security
Hacking with AI
In this episode of AppSec AIwaves, host James Berthoty speaks with Joseph Thacker, Principal AI Engineer at AppOmni, about his career path and growth in cybersecurity. They then explore how to leverage AI effectively for security work, with practical hacking tips along the way. Joseph discusses how AI and LLMs can boost creativity in tasks like testing and bug bounties by suggesting a wider range of approaches than a single tester would think of alone. To get the most out of AI, he stresses giving it extensive context, so the tool has a clear picture of what it is actually evaluating. When applying AI to live web applications, he argues for a decision-making core that processes key elements of each request, such as the host, path, and other contextual information, before any judgement is made. That richer understanding lets the model produce more accurate and better-informed assessments, improving its usefulness across security tasks.
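As an added illustration of the "decision-making core" idea, the snippet below is not code from the episode, from AppOmni, or from the podcast's sponsors; it is a sketch of a context layer that parses one captured HTTP request into the fields a model would need (host, path, method, query, body, whether the request was authenticated), redacts credential-bearing headers so they never reach a third-party model, caps the body so a single large request cannot crowd out the rest of the context window, and renders the result as a prompt block. The field names, the redaction list, the body budget, and the sample request are all assumptions made for this example.

```python
"""Structured request context for an LLM-assisted web assessment.

Added example, not from the podcast or AppOmni. Field names, the
sensitive-header list, MAX_BODY_CHARS and SAMPLE_REQUEST are assumptions.
"""
import json
from dataclasses import asdict, dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qsl, urlsplit

# Header values that must never be forwarded to an external model (assumed list).
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key", "proxy-authorization"}
MAX_BODY_CHARS = 2000  # assumed budget per request body


@dataclass
class RequestContext:
    method: str
    host: str
    path: str
    query: Dict[str, str]
    content_type: Optional[str]
    authenticated: bool        # true if a credential-bearing header was present
    headers: Dict[str, str]    # sensitive values replaced with "<redacted>"
    body: str
    body_truncated: bool


def _truncate(body: str) -> Tuple[str, bool]:
    """Cap the body so one request cannot flood the model's context window."""
    if len(body) <= MAX_BODY_CHARS:
        return body, False
    return body[:MAX_BODY_CHARS] + "...[truncated]", True


def parse_raw_request(raw: str) -> RequestContext:
    """Turn a raw HTTP/1.1 request into the context the decision core consumes."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)

    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    parts = urlsplit(target)            # handles both "/path?q=1" and absolute-form targets
    host = headers.get("host", parts.netloc)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    authenticated = any(h in headers for h in ("authorization", "cookie", "x-api-key"))
    safe_headers = {
        name: ("<redacted>" if name in SENSITIVE_HEADERS else value)
        for name, value in headers.items()
    }
    body, truncated = _truncate(body)

    return RequestContext(
        method=method,
        host=host,
        path=parts.path,
        query=query,
        content_type=headers.get("content-type"),
        authenticated=authenticated,
        headers=safe_headers,
        body=body,
        body_truncated=truncated,
    )


def render_prompt(ctx: RequestContext, question: str) -> str:
    """Render the redacted context plus the analyst's question as one prompt block."""
    return (
        "You are assessing one HTTP request from an authorised web application test.\n"
        "Request context (JSON; credentials already redacted):\n"
        + json.dumps(asdict(ctx), indent=2)
        + "\n\nQuestion: " + question
    )


# Constructed sample request; the host, token and cookie are not real.
SAMPLE_REQUEST = (
    "POST /api/orders?id=42 HTTP/1.1\r\n"
    "Host: shop.example.com\r\n"
    "Content-Type: application/json\r\n"
    "Authorization: Bearer eyJhbGciOi.example.token\r\n"
    "Cookie: session=abc123\r\n"
    "\r\n"
    '{"note": "gift wrap", "amount": 19.99}'
)

if __name__ == "__main__":
    ctx = parse_raw_request(SAMPLE_REQUEST)
    print(render_prompt(ctx, "Which parameters here are worth testing for IDOR, and why?"))
```

The point of the redaction and truncation steps is that "give the model as much context as possible" has two limits in practice: live session tokens should not leave your environment, and a single oversized body can push the host, path and other signals the core depends on out of the window. Whatever calls the model downstream should consume `render_prompt`'s output rather than the raw capture.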
On using AI for security work, Joseph offers three takeaways:
Simple AI tools can still offer value: basic tools like AI code scanners can yield surprisingly good insights, even without complex static analysis.
Scaling AI security tools to enterprise grade is challenging: moving from decent results to fully validated, enterprise-grade findings is very difficult.
Customer expectations for AI pen testing: customers want it to be cheaper, better, faster, or more frequent than human pen testing.
GUEST
Joseph Thacker, Principal AI Engineer
AppOmni
AppSec AIwaves is a podcast series exploring the intersection of artificial intelligence and application security. This series is brought to you by a joint partnership between Pixee, Kodem Security, and Latio Tech. Hosted by James Berthoty, AppSec AIwaves features insightful interviews with esteemed application security experts and thought leaders. Join us as we explore the latest trends, challenges, and innovations in the field, uncovering how AI is transforming the landscape of application security.