LeanAppSec

Technology, Information and Internet

App security education and community for tech professionals.

About us

LeanAppSec is an educational program and community for application security professionals and security-minded developers seeking to better understand open source security, dependency management, and how they fit into the SDLC.

Website
https://www.leanappsec.com/
Industry
Technology, Information and Internet
Company size
2-10 employees
Headquarters
Palo Alto
Type
Partnership
Founded
2023

Updates

  • LeanAppSec

    435 followers

    AI-generated code is everywhere, but is it actually making engineering better, or just faster? Steve Wilson pointed out something interesting: code duplication in repositories has skyrocketed. Unlike human developers who refactor and reuse, LLMs tend to generate new (and often redundant) code every time. That’s technical debt on autopilot. In 12–24 months, AI coding assistants might start optimizing for maintainability and reuse. But right now? They’re built for speed, not sustainability. Are you seeing this play out in your own projects? How are you managing AI-generated technical debt? Let us know in the comments! #GenAI #AppSec #AIAppSecRisk #LLMs

    Too often, security teams hold all the keys when it comes to exceptions, which just slows everything down. But the reality is, product and engineering teams have the best context to make smart risk decisions. So instead of security being the bottleneck, why not shift that decision-making closer to the teams that actually know what’s going on? Give them clear policies, the right guardrails, and let them take ownership—without compromising security. More about Raphael Theberge's 'Blocking with Confidence' Program at Relativity here: https://lnkd.in/gdnpvahm #AppSec #ExceptionHandling #cybersecurity #DevSecOps

    Moveworks is Hiring: Senior Application Security Engineer II

    Moveworks is looking for a Senior AppSec Engineer to lead security efforts for their AI infrastructure, platform, and features. If you have experience in AppSec, Golang/Python experience, and an interest in LLM security, this could be a great opportunity for you! Apply here: https://lnkd.in/gydzJrAA #Hiring #AppSec #AI #SecurityEngineering #Moveworks

    What does "lean" really mean in LeanAppSec? It's not just about doing more with less. As Jenn Gile explains, LeanAppSec is about applying lean manufacturing principles to AppSec, eliminating waste and maximizing impact. LeanAppSec sessions aim to help you:

    - Focus on real risks by mapping AppSec activities to business value
    - Create flow states with clean, efficient processes
    - Implement pull-based systems to integrate security seamlessly into the SDLC

    If you've implemented lean principles within your AppSec teams, and want to share your story with the community, type 'Yes' in the comments and we'll reach out to you. You could help others learn from your experience. https://lnkd.in/gmRDZb46 #LeanAppSec #AppSec #DevSec #SecOps #DevSecOps

    We'll be live soon! See you there!

    Just in case you missed the announcement, LeanAppSec Live is back on February 19! LeanAppSec connects the community to real-world #AppSec and #CloudSec leaders who share their stories. How can a small AppSec team support thousands of developers? What do I need to know about LLMs? How can I help developers make better decisions? In just 2 hours, you’ll get actionable tips from peers and experts. And it’s free! And you could win a lightsaber! This time around, we have speakers from Peloton Interactive, OWASP® Foundation, and Relativity. You’ll learn:

    - How to show value to your CISO
    - 6 things you must do if your developers are leveraging AI
    - A way to validate developer decisions that reduce errors and enforce consistency

    Register https://lnkd.in/grXNXdPN #AppSec #DevSecOps #Community

    Giving developers standardized and clear security information at the right time pays off. This helps them focus on high priority, high value targets. At Relativity, Raphael Theberge and his team made it easier for their developers to make informed security decisions by standardizing guidance and automating validation. The result? Developers focus on high-priority risks, and security decisions become measurable in a way that makes sense—even to the business side. In this session, Raphael will share:

    - How to confirm when a risk is okay to accept
    - When to step in to ensure a risk is properly remediated
    - How to create org-wide accountability for product security

    Join us to learn how AppSec can help developers make the right security decisions—without extra friction. https://lnkd.in/grXNXdPN #AppSec #DevSecOps #cybersecurity #LeanAppSec

    Nearly 100% of developers use GenAI to write code—approved or not. AI is already in your pipeline. The real question: How are you securing it? At LeanAppSec Live on February 19th, we’re bringing in Steve Wilson, who literally wrote the book on LLM security and is an OWASP® Foundation project lead for the Top 10 for LLM AI Applications. In his session, Steve will break down six things you can do right away to build an LLM security program. Register now https://lnkd.in/grXNXdPN #AppSec #DevSecOps #AI #LLM

    Security teams often struggle to get buy-in for AppSec initiatives—not because security isn’t important, but because the value isn’t always clear to leadership. Sri Manda, CISO of Peloton Interactive, has a solution: use metrics that matter to all stakeholders, not just security teams. When engineering, DevOps, and security all agree that a solution reduces risk and improves productivity, securing funding becomes much easier. In this session, Sri will share:

    - How to identify business problems with data
    - How to build a business case for new tools
    - How to use cross-functional metrics to drive security decisions

    If you’ve ever struggled to communicate AppSec’s value to leadership, this session is for you. Register now https://lnkd.in/grXNXdPN #AppSec #DevSecOps #AppSecCommunity

    Yes, we get it—shift left has been talked about for years. But we also know we need to make it work. At Relativity, Raphael Theberge and his team built the Blocking with Confidence program, helping developers to block security threats before they make it to production. It’s been incredibly effective. On February 19th, Raphael will share:

    - How they integrated open source and dependency scanning earlier in development
    - What made their approach so seamless
    - How you can take practical steps today to improve security without adding friction

    If you’re still figuring out how to embed security early without slowing developers down, this session is for you. Register now: https://lnkd.in/grXNXdPN #AppSec #DevSecOps #cybersecurity #LeanAppSec

    Your developers are using AI—whether you have a security plan for it or not. So what now? How do you secure LLMs while still letting teams innovate? At LeanAppSec Live on February 19th, we’re bringing in someone who literally wrote the book on LLM security: Steve Wilson, Chief Product Officer at Exabeam and OWASP® Foundation project lead for the Top 10 for LLM AI Applications. In this session, Steve will break down six things you can do right now to build an LLM security program:

    - Limiting your domain
    - Knowledge management
    - Zero trust
    - Managed supply chain
    - Building an AI red team
    - Continuous monitoring

    If your developers are experimenting with AI (they are), it’s time to make sure they’re doing it safely. Register now https://lnkd.in/grXNXdPN #AppSec #DevSecOps #AI #LLM
