OWASP Boston Chapter Meeting - July 2025

This month we will be welcoming Jerry Hoff, a lifetime member of OWASP, to our meetup. Doors open at 6:30pm and the presentation starts at 7pm. Pizza and soda will be provided.

In this session Jerry will be talking about The AI AppSec Nightmare.

The era of AI-powered attackers is no longer theoretical. Autonomous and semi-autonomous tools are now capable of identifying, exploiting, and adapting to vulnerabilities at a scale and speed that surpass human capacity. This talk explores the implications of a world where AI-driven threats are a permanent part of the landscape.
We begin with a candid look at the current state of application security, where manual processes and outdated risk models struggle to keep pace with modern development. At the same time, AI-generated code is entering environments at an unprecedented rate, often with little to no review, expanding the attack surface in ways few organizations are prepared for.
Compounding the problem is a growing wave of global regulations pushing organizations to demonstrate security readiness, often without providing practical paths to achieve it. Within this context, the traditional approach of prioritizing and fixing only critical and high-severity issues is breaking down. Attackers, especially those leveraging AI, no longer view low or medium vulnerabilities as difficult hurdles. Most vulnerabilities should now be treated as easily exploitable.
This session offers a sharp, forward-looking assessment of the challenges ahead and outlines key shifts that application security teams must make to stay relevant and effective in the age of AI.

Jerry Hoff has decades of experience in technology and security, specializing in application security at an enterprise scale. He holds a Master’s in Computer Science from Washington University in St. Louis and has evaluated the security of applications for some of the largest financial, defense, and commercial organizations in the world.

As a security entrepreneur, Jerry founded and led a static application security testing startup, which was acquired by WhiteHat Security in 2011. He has been an active member of the security community for nearly twenty years as a lifetime member and long-time volunteer with OWASP.

Jerry has held key leadership roles in global organizations, including serving as the Global Head of Security for Sony Electronics and as a Group Senior Security Architect for NTT. His expertise spans secure software development, application security strategy, and enterprise security architecture. He now leads [AppSecTraining.com](http://appsectraining.com/), a company dedicated to training organizations on secure software development. Jerry also is highly involved in cybersecurity startups, and is an investor in multiple startups and funds, and is a strategic advisor to Pixee.ai.