
New Video from @CloudSecurityPodcast: AI-Powered Applications and Their Impact on Software Security and SDLC
In this new video from @CloudSecurityPodcast, Amitai from Men.io discusses AI-powered applications and their impact on software security and the Software Development Life Cycle (SDLC). The conversation explores the challenges and opportunities that AI brings to application security, as well as new threats specific to AI.
Definition of AI-Powered Applications
Amitai begins by defining AI-powered applications as any software using AI in the background. He emphasizes that AI is no longer limited to traditional machine learning algorithms but now includes large language models (LLMs) and neural networks. Native AI applications, on the other hand, are software built around AI, where AI is at the core of the value provided to the customer, rather than just an add-on.
Evolution of the Software Development Life Cycle
The SDLC is evolving rapidly with the integration of AI. Developers, now assisted by AI agents, can write thousands of lines of code in just a few minutes. This increased speed requires faster and more explicit testing. Traditional tools like SCA (Static Code Analysis) and SAST (Static Application Security Testing) remain relevant but need to be adapted to work faster and be accessible to AI agents.
New Security Challenges
The integration of AI into applications introduces new types of threats. For example, an AI model can read a website and decide to attack an organization. Licenses for models and data add a layer of complexity, with specific licenses that can change retroactively. Organizations must adopt a "zero trust" approach towards AI models, assuming they can be compromised and implementing strategies to detect and minimize impacts quickly.
Testing and Red Teaming for AI
Security testing for AI applications differs from traditional testing. AI models can be convinced to do malicious things, so specific tests are needed to evaluate their security. Red teams must use prompt injection techniques to test the robustness of AI models. Organizations must also be aware of the licenses and vulnerabilities of the AI models they use.
Practical Implications
For security professionals, it is crucial to update their security programs to include AI-specific testing. This includes red teaming, license security, and managing sensitive access. Developers must be trained to use secure tools and follow strict policies. Organizations must also be ready to adapt their processes to integrate AI securely.
Advice for Security Professionals
Amitai advises security professionals not to blindly trust internally developed AI models. They must adopt a "zero trust" approach and be prepared to detect and respond quickly to AI-related security incidents. It is also important to stay informed about emerging regulations and best practices in the field.
In conclusion, this video provides an in-depth perspective on the impact of AI on application security and the SDLC. It highlights the new challenges and opportunities while providing practical advice for security professionals.
To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=jS-J_wm9oNM