Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI | Mend.io
Is AI making application security easier or harder? We spoke to Amit Chita, Field CTO at Mend.io, the rise of AI agents in the Software Development Lifecycle (SDLC) presents a unique opportunity for security teams to be stricter than ever before. As developers increasingly use AI agents and integrate LLMs into applications, the attack surface is evolving in ways traditional security can't handle. The only way forward is a Zero Trust approach to your own AI models. Join Ashish Rajan and Amit Chita as they discuss the new threats introduced by AI and how to build a resilient security program for this new era.
Chapters
00:00 Intro: Why AI makes security stricter
01:00 AI-powered vs AI-native (definitions & impact)
04:30 SDLC with agents: speed, volume, and testing shifts
09:12 Guardrails that scale (zero-trust patterns)
14:16 New attack surface: prompt/indirect injection & business logic
16:07 Licensing: model vs data, terms, and surprises
19:37 Shadow AI inside the SDLC (what to look for)
23:06 Why AI-specific testing & AI red teaming
31:29 Real threats: typosquatting for LLMs, malicious prompts
35:29 Regulation status & what to do now
36:24 AI red teaming vs DAST in practice
40:45 Mend focus, takeaways, wrap
You’ll learn:
- AI-powered vs AI-native apps (and why it matters for AppSec)
- Zero-Trust for AI: assume breach, contain impact, verify behaviors
- SDLC changes: agent-written code, faster reviews, test at AI speed
- New risks: prompt injection, business-logic abuse, shadow AI in SDLC
- Licensing 101: model licenses vs data licenses (and gotchas)
- AI red teaming (black-box) vs traditional DAST—what to actually test
🔔 Subscribe for more practical AppSec insights:
https://www.youtube.com/channel/UCLgzXoXJ-TGO-y7Eh9quDUQ
📺 Watch Next:
- ️ Secrets of AppSec Champions Podcast: https://www.youtube.com/playlist
- ️ Our Customers’ Success Stories & Reviews: https://youtube.com/playlist
- ️ OWASP Top 10 LLM is Dead: Here's Why: https://youtu.be/Wet1tkt1eAw
- ️ Mend.io Product Overview Demo: https://youtu.be/HfZ3uK-Eg5c
- ️ The Truth Behind Successful Security Operations Centers (SOC): https://youtu.be/XMlrxoIJVXg
🌐 Connect with Us:
🔗 Website: https://www.mend.io
🐦 Twitter: https://twitter.com/mend_io
📘 Facebook: https://www.facebook.com/mendappsec
💼 LinkedIn: https://www.linkedin.com/company/2440656
📜 Disclaimer:
This video is for educational purposes only. Mend.io is not responsible for any security decisions made based on this content.
#appsecurity #cybersecurity #techpodcast