
Iikido Representative Discusses AI in Application Security
Fred Regbos, a representative of Iikido, explains the use of artificial intelligence in application security. Large language models (LLMs) enable code analysis by understanding data flow rather than simply matching regular expressions, which helps with the detection, triage, and automatic correction of vulnerabilities. Iikido's system generates specific fixes based on predefined remediation rules and then creates security unit tests to validate these fixes through a feedback loop. This approach applies to source code, dependencies, containers, and infrastructure as code. For dependencies, the system analyzes changelogs to identify incompatible changes and automatically modifies imports if necessary. Iikido also generates automatic changelogs for its clients. The AI models used strictly follow instructions but can creatively bypass limitations, so they must be executed in an isolated environment. Regbos predicts that in the short term, developers will become reviewers of AI-generated code more than direct writers of code.
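To make the contrast between regular-expression matching and data-flow understanding concrete, here is an added example (not Iikido's code, and not from the interview) that runs both over a constructed snippet. A small AST taint tracker stands in for data-flow reasoning; it is not an LLM, and the source name `request`, the sink name `execute`, and the sample code are assumptions.

```python
import ast
import re

# Constructed sample: two handlers that build SQL by concatenation.
SAMPLE = '''def safe(cur):
    q = "SELECT * FROM users WHERE id = " + "1"
    cur.execute(q)

def unsafe(cur, request):
    uid = request.args["id"]
    clause = "id = " + uid
    q = "SELECT * FROM users WHERE " + clause
    cur.execute(q)
'''

def regex_findings(src):
    """Pattern rule: flag any line that concatenates onto a SELECT literal."""
    pat = re.compile(r'SELECT.*"\s*\+')
    return [n for n, line in enumerate(src.splitlines(), 1) if pat.search(line)]

def _uses_tainted(node, tainted):
    return any(isinstance(n, ast.Name) and n.id in tainted for n in ast.walk(node))

def dataflow_findings(src, source="request", sink="execute"):
    """Flag sink calls whose arguments derive from the untrusted source.

    Assumptions: straight-line function bodies, simple `name = expr`
    assignments, and a parameter named `request` as the only taint source.
    """
    findings = []
    for fn in ast.parse(src).body:
        if not isinstance(fn, ast.FunctionDef):
            continue
        tainted = {source}
        for stmt in fn.body:
            if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
                name = stmt.targets[0].id
                if _uses_tainted(stmt.value, tainted):
                    tainted.add(name)
                else:
                    tainted.discard(name)   # reassigned from clean data
            elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
                call = stmt.value
                if (isinstance(call.func, ast.Attribute) and call.func.attr == sink
                        and any(_uses_tainted(a, tainted) for a in call.args)):
                    findings.append((fn.name, stmt.lineno))
    return findings

if __name__ == "__main__":
    print("regex   :", regex_findings(SAMPLE))
    print("dataflow:", dataflow_findings(SAMPLE))
```

The pattern rule reports the constant-only query in `safe` alongside the real one, while the flow-based check reports only the `execute` call in `unsafe`, where request data reaches the query through two intermediate variables.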