Content Albert is Following

Where do new collaboration tools (Microsoft Teams, etc.) sit within your organization?

Applications

Enterprise Architecture

Information Security

Shared Services

Other

View Results

How much has virtual work affected org structure at your organization?

Not at all

Barely

Somewhat

Complete Overhaul

View Results

AI Coding Assistants: Velocity or Vulnerability?

Latest research reveals a hidden feedback loop threatening software security:
The Evidence: • ≈33% of Copilot suggestions echo CWE Top-25 flaws (Asare et al., 2024) • ~50% of LLM code snippets contain exploitable bugs (CSET, 2024) • Developers with AI help feel more confident while shipping less secure code (Stanford, 2023)
The Systemic Risk: Flawed AI output is pushed to public repositories, polluting the next model's training data—risk compounding with every release cycle.

What leading teams are doing this quarter:
1. Audit AI-tool usage and establish approved lists
2. Insert AI-aware SAST (e.g., Snyk Code, Semgrep Assistant) into IDEs and CI/CD pipelines
3. Adopt OWASP LLM Top 10 + MAESTRO for threat modeling
4. Track percentage of AI-generated code and its defect rates

Question: How are you measuring AI-generated technical debt today, and what is your plan to stop it from becoming tomorrow's supply-chain crisis?

Share metrics or tools that worked for you.

Ukraine’s CERT-UA just exposed how real AI-powered cyber threats have become. The LAMEHUG malware used Hugging Face’s Qwen model to generate attack commands in real time, one click and every PDF on a laptop gets exfiltrated. Detection is nearly impossible when malware writes fresh commands on demand.

Is your team monitoring LLM API usage or training SOC analysts to spot prompt-generated threats? What steps are you taking to prepare for AI-powered adversaries?

Full details: https://cert.gov.ua/article/6284730

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?

Read More Comments
Albert Evans, Chief of Information Security at ISO New England Inc. at ISO New England Inc. | Gartner Peer Community