Evolving Your AppSec Program in the Era of AI | The AI Appsec Nightmare

Format:
Dual (2-talk) and Hybrid (in-person and online) event

In-person location:
Startuptive
123 Edward St, Suite 205 (2nd Floor), Toronto, ON, Toronto, ON M5G 1E2

Note: In-person attendance to 70 people, in a first-come, first-serve basis.
Doors will open at 6:00 PM, with the event will start at 6:30 PM (EDT).
For those who cannot attend in person, please join us virtually via the livestream!

Presentation #1: Evolving Your AppSec Program in the Era of AI - Matt Brown

AI is already transforming how software is built—but for security teams, it’s mostly just making life harder. Developers are shipping AI-generated code at breakneck speed, while security teams struggle to keep up. The challenge isn’t just securing AI-generated code and systems—it’s evolving your AppSec program to keep pace with software development.

We'll explore how security teams can evolve their programs across two key dimensions: securing AI-driven software development and using AI to enhance security workflows. You’ll learn:

• Strategies for managing risks from AI-generated code and autonomous agents
• How security teams can use AI to reduce work and improve security outcomes
• Where AI can enhance security—and where human expertise remains irreplaceable.

AI isn’t just a security challenge; it’s a chance to build a smarter, more efficient security program. Join us to learn how to make AI work for security, not against it.

Presentation #2: The AI Appsec Nightmare - Jeff Hoff

The era of AI-powered attackers is no longer theoretical. Autonomous and semi-autonomous tools are now capable of identifying, exploiting, and adapting to vulnerabilities at a scale and speed that surpass human capacity. This talk explores the implications of a world where AI-driven threats are a permanent part of the landscape.

We begin with a candid look at the current state of application security, where manual processes and outdated risk models struggle to keep pace with modern development. At the same time, AI-generated code is entering environments at an unprecedented rate, often with little to no review, expanding the attack surface in ways few organizations are prepared for.

Compounding the problem is a growing wave of global regulations pushing organizations to demonstrate security readiness, often without providing practical paths to achieve it. Within this context, the traditional approach of prioritizing and fixing only critical and high-severity issues is breaking down. Attackers, especially those leveraging AI, no longer view low or medium vulnerabilities as difficult hurdles. Most vulnerabilities should now be treated as easily exploitable.

This session offers a sharp, forward-looking assessment of the challenges ahead and outlines key shifts that application security teams must make to stay relevant and effective in the age of AI.