On July 26th, Cycode hosted a webinar to discuss the burgeoning use of AI and Large Language Models (LLMs) in generating code. We explored the intersection of innovation and risk, focusing on the security threats concealed in AI-generated code. The main issue discussed was the generation of code with hardcoded secrets like API keys or database credentials by these models, and how this risk can be managed across organizations.
Visit this link to gain access to the recording.
Julie Peterson, Sr. Product Marketing Manager, and Lotem Guy, VP of Product, explained about recent security incidents involving the exposure of hardcoded secrets, including a breach from Amazon. To help mitigate this, our presenters outlined a model for hardcoded secrets maturity; beyond basic detection, enterprises must have a proactive risk-management policy in place for secrets, especially in the age of AI. The webinar highlighted effective and efficient methods and tools for managing secrets in code generated by LLMs. This way, developers can enjoy the increase in efficiency that AI promises, and AppSecs can ensure risks are mitigated.
Beyond that, strategies were discussed for training and fine-tuning LLMs to minimize the risk of hardcoded secrets exposure. Visit the link above to see the full webinar.
The bottom line is this: AI can help us innovate, but it also requires an evolution of security best practices. Speaking of which…
AI Search Now Enabled in Cycode Documentation
We now feature the capacity for AI-based searches in our product documentation—a revolutionary feature powered by readme.io’s Owlbot AI. With natural language queries, contextual understanding, enhanced filtering, and rich results, finding information is now effortless and intuitive. Say goodbye to time-consuming searches and embark on a seamless knowledge discovery journey.
Note: Your privacy and data are important to us, so we wanted to let you know that when you use this AI based search, no personal information is collected and your query data will not be used to train or improve AI models.
This is one way we can harness the power of LLMs in coding without compromising security.
Stay tuned for future webinars in our AppSec Secrets series, and tune in live to benefit from interaction from our presenters, all of whom will be experts in the world of cybersecurity and the SLDC. If you’re interested in learning more about Cycode’s capabilities for hardcoded secrets detection, visit this link.
Originally published: August 17, 2023