Ep. 281 AI-Powered Application Risk Management

Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes? www.Federaltechpodcast.com

Today, we sat down with Chris Wysopal from Veracode to talk about how to leverage the power of AI to increase productivity in federal systems. It seems like every headline you read talks about AI speeding up the process of writing code.

However, there may be mixed messages here.

Wysopan read some academic reports that talked about vulnerabilities being introduced in human code as well as AI code.

Because this has been a concern for a while, He initiated the Gen AI Code Security report. They examined a wide range of LLMs to get a fair overview. They discovered 45% introduced vulnerabilities. What is even more shocking is this is similar to the rate from regular, old, garden variety software developers.

You can get more details from the Veracode's 2025 Gen AI Code Security Report. It details methodology and notes despite improvements in syntax; security remains a concern.

When he presented at a recent Billington Cyber Summit, he was deluged with people interested in problems with AI generated code.

The overview is Implement a centralized risk management approach to prioritize and address the most critical vulnerabilities.