What Rebuilding a Poetry Site Taught Me About AI and Security
Details
You must register and pay to attend:
https://www.eventbrite.com/e/what-rebuilding-a-poetry-site-taught-me-about-ai-and-security-tickets-1986106980443
### Topic One: Quoth the AI: “Nevermore” — What Rebuilding a Poetry Site Taught Me About AI and Security
Edward Bonver spent weeks rebuilding a 25-year-old website with thousands of poems using AI (Claude Code in Visual Studio Code on Windows) as my coding partner. The AI wrote clean, confident code, passed its own reviews, and introduced changes that caused production outages — including a bad deployment and data routing issues.
This talk shares real examples from a real codebase: where AI hallucinates, where it skips steps, and how to build guardrails that actually work. We’ll cover input validation, output encoding, dependency minimization, and rollback planning — grounded in the OWASP Top 10 and the OWASP Top 10 for LLMs — and what actually improved (and didn’t) after those failures.
You’ll leave with a practical framework for building with AI without needing to trust it blindly, along with lessons from rebuilding at scale and safely introducing new features under AI-assisted development.
Who Should Attend:
Anyone whose team is adopting AI-assisted development: web developers, application security practitioners, IT auditors, digital asset managers, and technical leaders responsible for reliability and security.
What You’ll Learn:
- How AI-generated code fails in real systems (hallucinations, skipped steps)
- How to write security requirements AI can actually enforce
- Where AI hallucinations, platform assumptions, and dependency risks show up
- How to design guardrails: validation, encoding, and dependency minimization
- How to plan rollback and recovery when AI introduces production issues
- A practical framework for using AI as a development partner without trusting it blindly
Speaker One: Edward Bonver
Edward, CISSP, CSSLP, is a seasoned cybersecurity leader with more than 25 years of experience spanning software development, assurance, and product security. His background includes roles at Raytheon Technologies, Symantec, Digital Equipment Corporation, Veritas Technologies, and Arctera. Over the course of his career, he has worked across a wide technical spectrum, from developing real-time operating systems and networking protocols to building and leading enterprise-scale product security programs.
A recognized software security evangelist and product cybersecurity subject matter expert, Edward regularly speaks at global software industry security events and contributes to security community forums and industry alliances.
Edward served on the SAFECode Board of Directors, representing Symantec and Raytheon Technologies, and contributed actively to SAFECode working groups and publications.