8 vendors bringing AI to devsecops and application security
Briefly

AI is transforming software security across the development lifecycle by enabling autonomous vulnerability remediation, real-time secure coding guidance, and supply-chain hardening. Startups and established vendors are embedding AI into devops and devsecops pipelines and into AI-native IDEs to accelerate delivery while attempting to improve trust in what ships. Large language models are used to surface "shadow-patched" vulnerabilities that lack CVEs, and hardened base images aim to keep certain CVEs from appearing in scans at all. Providers emphasize both the potential benefits and the urgent need for governance, model visibility, and controls to mitigate risks from AI-generated code.
From autonomous vulnerability remediation to real-time scrutiny of AI-generated code, AI is impacting security at every stage of the software development process. At Black Hat USA 2025 and DEF CON 33, the mood among application security vendors was equal parts optimism and urgency. Across the show floors and presentations, one theme stood out: AI is no longer just a buzzword or a bolt-on feature; it's becoming the foundation of modern software security.
From autonomous vulnerability remediation to AI governance, these startups and established players are embedding intelligence into every layer of the devops and devsecops pipeline. Vendors waxed enthusiastic about AI's promise to accelerate software delivery and security and warned of the equally real risks of getting it wrong. As Snyk's head of developer and security relations, Randall Degges, said, "Wouldn't it be cool if security could just be an immediate part of coding, something developers never even think about?"
For some, that means using large language models to uncover "shadow-patched" vulnerabilities that never receive CVEs. "Even if you do absolutely nothing wrong, your app can still be vulnerable because of the open-source supply chain," said Mackenzie Jackson, developer advocate at Aikido Software, which has found hundreds of such hidden flaws. Others focus on cleaning the foundation itself. Chainguard's "farm-to-table" approach to hardened base images ensures that certain CVEs "never show up on scans," according to Dustin Kirkland, Chainguard VP of engineering.
Read at InfoWorld