Secure by Design: The Agentic AppSec Podcast

PODCAST · technology

Secure by Design explores how AI-powered, agentic application security is transforming the way software gets built and protected. Each episode dives into real-world strategies for embedding security across the agentic development lifecycle, from code to cloud, without slowing innovation. Hear from industry leaders, practitioners, and pioneers shaping the future of secure software in the age of AI.

  1. 2

    The Hidden Blind Spots of AI: A CTO's Perspective

    As AI accelerates software development, security can no longer operate as a gate at the end of the pipeline. In this episode of Secure by Design, Bill Weinberg sits down with Adi Kavaler to explore how AI is fundamentally changing engineering velocity and why security must evolve alongside it.

    The conversation dives into the real-world impact of AI-first development: faster time to market, cross-functional feature teams, and the breakdown of long-standing friction between builders, developers, and security. Rather than slowing innovation, embedded security and intelligent triage enable teams to ship faster and safer.

    This session also examines the limits of today’s AI tools: from missing context to production blind spots, and why human oversight, guardrails, and multi-model validation remain essential. The result is a pragmatic look at how modern organizations can balance speed, quality, and trust while navigating AI-generated code at scale.

    Key Takeaways

    - AI dramatically increases engineering velocity, but only when security is embedded from day one
    - Friction between development and security disappears when teams operate as a single feature unit
    - AI-assisted triage helps eliminate noise and prioritize the vulnerabilities that truly matter
    - Consolidated, normalized data is essential for effective AI-driven security decisions
    - AI-generated code still requires human context, validation, and accountability
    - Using multiple AI models and guardrails improves confidence—but comes with cost tradeoffs
    - AI excels at pre-production security, while post-production reasoning still needs careful oversight

  2. 1

    Shift Left, Stay Secure: AI's Impact on the Development Lifecycle

    How security and development teams are partnering to manage AI-generated code risk.

    As AI pushes development teams to ship faster and write more code, security can no longer live at the end of the pipeline. This session explores practical strategies for embedding security earlier and smarter into the modern development lifecycle.

    Key Takeaways:

    - Shifting security left means catching vulnerabilities before code ever leaves the developer's machine
    - AI-generated code still requires developer ownership: approving it means owning it
    - Context and guardrails make AI tools more consistent and compliance-friendly
    - Automated pipeline scanning turns security from a bottleneck into a built-in safeguard
    - CISO and CTO alignment is critical to making secure development a shared company goal

    Featuring Bill Weinberg (VP of Solution Engineering, Checkmarx), Victor Cortes (CISO, Trans Network), and David Dewaele (Director of Product, Checkmarx), recorded live at RSA.


HOSTED BY

Checkmarx
