AI Is Writing the Code - Can Security Keep Up? | How to Secure Agentic IDEs from Dev to CI/CD | Mend
AI coding agents are exploding in use—but are they quietly shipping exploitable code? In this webinar, we break down real data, real incidents, and a practical blueprint for securing AI-accelerated development.
AI-native development tools like Cursor, Devin, and GitHub Padawan are no longer just assistants - they’re becoming co-authors, architects, and in some cases, autonomous engineers. As these tools redefine how software is written and shipped, they raise critical questions about how we manage and secure modern codebases.
In this thought-provoking session, Amit Chita, Field CTO, and Daniel Wyrzykowski, Product Manager from Mend.io, will explore the rapidly evolving intersection of AI-first software development and application security. With deep expertise in both domains, they’ll examine emerging patterns, hidden risks, and what the future might demand of security teams and engineering leaders.
Join us as we explore:
- The AI IDE revolution - how intelligent dev agents are rewriting the rules of software creation and pushing the SDLC into uncharted territory
- Code you didn’t write, but must secure - why AI-generated code is forcing us to rethink trust, testing, and traditional review processes
- Security workflows on the edge - what breaks, what bends, and what survives when AI enters the pipeline
- Human vs. machine oversight - navigating the new power dynamic between developers, automation, and integrated toolchains
What you’ll learn:
- Direct vs. indirect risks from AI-generated code
- Glitch tokens & LLM prompt-injection in the wild
- “Package slop-squatting” (LLM-hallucinated deps) and supply-chain risk
- Why faster MTTR matters when exploits land in hours, not weeks
- A modern SDLC: security checks at generation time + CI/CD
Chapters
00:00 – Welcome & format
00:29 – 2022–2023 inflection: AI coding rises, traffic shifts
01:27 – Scale check: public repos using agentic IDEs
02:21 – Two risk buckets: direct vs. indirect
03:53 – Thesis: AI ≠ secure by default (yet)
04:19 – Research roundup: SAST + manual review findings
07:04 – Bigger models: more working apps… and more insecure ones
10:45 – Real incident: vibe/AI app exposing backend credentials
12:01 – Indirect risk #1: glitch tokens → prompt injection
18:28 – Indirect risk #2: LLM package “slop-squatting” (hallucinated deps)
22:58 – Exploit speed: why MTTR is your north-star metric
24:19 – New SDLC: secure at generation + secure at merge
26:14 – Fast vs. thorough checks; MCP/agent guardrails
29:49 – Program recommendations & “train the agent,” not just people
37:55 – About Mend AI & platform overview
38:42 – Q&A: tools, accountability, PDF/agent permissions
50:17 – Should teams use AI coding agents?
51:13 – Early notes on GPT-5 & security tasks
53:33 – Cultural shifts for GenAI era
55:30 – Wrap-up
🔔 Subscribe for more practical AppSec insights:
https://www.youtube.com/channel/UCLgzXoXJ-TGO-y7Eh9quDUQ
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development - using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world’s most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.
📺 Watch Next:
- Secrets of AppSec Champions Podcast: https://www.youtube.com/playlist
- Our Customers’ Success Stories & Reviews: https://youtube.com/playlist
- OWASP Top 10 LLM is Dead: Here's Why: https://youtu.be/Wet1tkt1eAw
- Mend.io Product Overview Demo: https://youtu.be/HfZ3uK-Eg5c
- The Truth Behind Successful Security Operations Centers (SOC): https://youtu.be/XMlrxoIJVXg
🌐 Connect with Us:
🔗 Website: https://www.mend.io
🐦 Twitter: https://twitter.com/mend_io
📘 Facebook: https://www.facebook.com/mendappsec
💼 LinkedIn: https://www.linkedin.com/company/2440656
📜 Disclaimer:
This video is for educational purposes only. Mend.io is not responsible for any security decisions made based on this content.