Rick Doten, cybersecurity startup advisor and AI researcher, joins the show to unpack how AI-assisted development is reshaping software—and what it means for security. From startups rushing to ship faster code to the unseen risks of “vibe coding,” Rick explains how engineering teams can balance innovation with secure, resilient design.
If your dev team is using AI tools to boost velocity, this conversation might change how you think about your SDLC, code review, and even your threat model.
Key Takeaways
• AI-assisted coding speeds up output but can multiply security risks if context isn’t baked in.
• Startups often trade speed for security early on—and that can be expensive to unwind later.
• Traditional fundamentals like OWASP and BSIMM still apply, even as architectures evolve with agents and MCP.
• AI creates a widening gap between companies that can secure their models and those that can’t.
• “Vibe coding”—non-devs using AI to build—introduces a new wave of shadow code leaders must prepare for.
Timestamped Highlights
[02:09] The real range of how startups are using AI-assisted tools—and why security is often an afterthought.
[05:12] Why AI-generated code is not just another form of third-party code.
[09:40] The hidden risk: code volume grows faster than your ability to secure it.
[15:51] How AI is widening the gap between resource-rich enterprises and everyone else.
[18:25] The new fragility of systems—where architecture and resilience start to break.
[22:07] Rethinking SDLC: integrating AI tools without losing security fundamentals.
[25:29] “Vibe coding” and what happens when non-engineers start shipping code.
Memorable Insight
“AI isn’t lazy like humans—it doesn’t just fix one thing. It rewrites everything. That’s why every line has to be re-scrutinized.”
Pro Tips
If your startup doesn’t have a dedicated security function yet, start with the basics: integrate OWASP checks into your CI/CD, use non-human accounts correctly, and automate code review gates early. Don’t wait until production to harden your systems.
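As an added illustration of the "automate code review gates early" advice (this is example code written for these notes, not something from the episode or from Rick Doten), the script below is a minimal merge gate that scans only the lines a diff adds for a handful of OWASP-style red flags and exits non-zero when it finds any. The rule set, the regexes, the path handling and the sample diff are all constructed assumptions for illustration; a real pipeline would run a maintained scanner with a vetted ruleset.

```python
"""Minimal automated code-review gate for a CI pipeline (constructed example).

Scans the lines a unified diff ADDS, not whole files, for a few high-risk
patterns that OWASP-style reviews flag, and returns findings so the CI step
can fail before the change merges. The rules and the sample diff below are
constructed for illustration; the regexes are deliberately simple and are an
assumption, not a vetted ruleset.
"""
import re
import sys

# Each rule: (identifier, compiled regex, human-readable reason)
RULES = [
    ("hardcoded-secret",
     re.compile(r"(?i)\b(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
     "credential literal committed to source; load it from a secret store instead"),
    ("dynamic-eval",
     re.compile(r"\b(eval|exec)\s*\("),
     "dynamic code execution on data that may be attacker-controlled"),
    ("shell-true",
     re.compile(r"shell\s*=\s*True"),
     "subprocess with shell=True enables command injection if any argument is untrusted"),
    ("tls-verify-off",
     re.compile(r"verify\s*=\s*False"),
     "TLS certificate verification disabled"),
]


def added_lines(diff_text):
    """Yield (path, new_line_no, text) for each line the unified diff adds."""
    path = None
    line_no = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            if path.startswith("b/"):       # strip git's b/ prefix
                path = path[2:]
        elif raw.startswith("--- "):
            continue                        # old-file header carries no line data
        elif raw.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
        elif raw.startswith("+"):
            line_no += 1
            yield path, line_no, raw[1:]
        elif raw.startswith("-"):
            continue                        # removed lines do not advance the new-file counter
        else:
            line_no += 1                    # context line


def review_gate(diff_text):
    """Return a list of findings; an empty list means the gate passes."""
    findings = []
    for path, line_no, text in added_lines(diff_text):
        for rule_id, pattern, reason in RULES:
            if pattern.search(text):
                findings.append({"rule": rule_id, "path": path, "line": line_no,
                                 "reason": reason, "snippet": text.strip()})
    return findings


# Constructed sample diff: the kind of wholesale rewrite an AI assistant can
# produce when asked to "improve" a helper module. Not from any real project.
SAMPLE_DIFF = """\
diff --git a/app/client.py b/app/client.py
--- a/app/client.py
+++ b/app/client.py
@@ -1,4 +1,7 @@
 import requests
+import subprocess
+API_KEY = "sk-constructed-example-value-0123"
 def fetch(url):
-    return requests.get(url)
+    return requests.get(url, verify=False)
+def run(cmd):
+    return subprocess.run(cmd, shell=True)
"""


def main():
    findings = review_gate(SAMPLE_DIFF)
    for f in findings:
        print(f"{f['path']}:{f['line']}: [{f['rule']}] {f['reason']}\n    {f['snippet']}")
    return 1 if findings else 0   # non-zero exit fails the CI step


if __name__ == "__main__":
    sys.exit(main())
```

In a pipeline you would feed the gate the merge-request diff (for example `git diff origin/main...HEAD`) instead of the embedded sample; scanning only added lines keeps the gate cheap and focused on what the change introduces, which matters when AI tools rewrite far more of a file than a human would.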
Call to Action
If this episode sparked ideas for your dev or security team, share it with someone who’s experimenting with AI-assisted tools. Follow The Tech Trek for more conversations at the intersection of engineering, AI, and leadership.