Why Auto-Fixing Vulnerable Code Needs More Than Good Intentions - Spyros Gasteratos

youtube
Why Auto-Fixing Vulnerable Code Needs More Than Good Intentions - Spyros Gasteratos When Vibes Don’t Build: Why Auto-Fixing Vulnerable Code Needs More Than Good Intentions - Spyros Gasteratos This talk was recorded at NDC Manchester in Manchester, England. #ndcmanchester #ndcconferences #developer #softwaredeveloper Attend the next NDC conference near you: Subscribe to our YouTube channel and learn every day: / @NDC Follow our Social Media! #applicationsecurity #security "Developers deal with a lot of noise, why don't we use AI to fix some security bugs?" These were famous last words before we tried to use LLMs to fix potential vulnerabilities on our codebase. The AI’s hilarious fix? Delete the function. Problem solved. In this talk, I’ll share our failures and successes in building an agentic auto-remediation suggestion system for code vulnerabilities. We'll talk about how we threw everything at it: zero-shot classifiers, tree of thought prompting and reflexion loops. The AI responded by suggesting 200-line refactors for SQL injections or marking serious vulnerabilities as “false positives.” Turns out, RAG and prompting aren’t enough. We needed constraint-based action planning, feedback loops from real developer behavior, and multi-agent workflows that argued with each other before touching code. This is a story of over-engineering, humbling failures, and finally, a path to practical AI-assisted remediation that developers actually trust. You’ll laugh, cringe, and leave with a clear understanding of what it takes (and wha
  2026/01/29      youtube

Our Tag

adobe alibaba amazon android appian aws azure bitcoin chrome clojure confluence crowdstrikd datadog deno django docker docusign facebook fastly firebase flask flutter gcp github gitlab golang google ibm instagram iot iphone javascript kotlin kubernetes metabase microsoft mongodb netflix nintendo node.js nosql nttdata okta oracle panasonic pandas python react saas salesforce selenium servicenow shopify slack sony sql square tencent tsla twilio twitter typescript ubuntu uipath unity vscode vue.js yahoo zoom zscaler

最近投稿されたプログラミング学習動画

How presenting a project to industry partners got Alison and Cindy invited to GitHub Universe

How presenting a project to industry partners got Alison and Cindy inv

github

Sometimes, sharing your projects with in...

  2026/01/31
This could change the way you code!

This could change the way you code!

DevLaunch is my mentorship program where...

  2026/01/30
Getting into computer science thanks to a supportive teacher and skipping a favorite class

Getting into computer science thanks to a supportive teacher and skipp

In this episode of the podcast, Cindy te...

  2026/01/30
Start using MCP in DevTools today!

Start using MCP in DevTools today!

DevTools now also offers an MCP server w...

  2026/01/29
This is how AI has simplified my life!

This is how AI has simplified my life!

DevLaunch is my mentorship program where...

  2026/01/29
Observing AI Applications with OpenLit and OpenTelemetry - Carly Richmond

Observing AI Applications with OpenLit and OpenTelemetry - Carly Richm

This talk was recorded at NDC Manchester...

  2026/01/29
Why Auto-Fixing Vulnerable Code Needs More Than Good Intentions - Spyros Gasteratos

Why Auto-Fixing Vulnerable Code Needs More Than Good Intentions - Spyr

When Vibes Don’t Build: Why Auto-Fixing ...

  2026/01/29
Prompting LLMs to use Tools and Resources with MCP - Richard Brough - NDC Manchester

Prompting LLMs to use Tools and Resources with MCP - Richard Brough -

This talk was recorded at NDC Manchester...

  2026/01/29
Breaking and Protecting GitHub IssueOps Pipelines - Alexander Barabanov - NDC Manchester 2025

Breaking and Protecting GitHub IssueOps Pipelines - Alexander Barabano

github

This talk was recorded at NDC Manchester...

  2026/01/29
Designing Scalable, Secure Data Architectures for AI at Enterprise Scale - Chisom Nwokwu

Designing Scalable, Secure Data Architectures for AI at Enterprise Sca

Design

The Trust Stack: Designing Scalable, Sec...

  2026/01/29
Your AI Is Still Biased (Even After You Checked) - Dr. Neda Maria Kaizumi - NDC Manchester 2025

Your AI Is Still Biased (Even After You Checked) - Dr. Neda Maria Kaiz

This talk was recorded at NDC Manchester...

  2026/01/29
Your Resume Isn't The Problem...

Your Resume Isn't The Problem...

DevLaunch is my mentorship program where...

  2026/01/29
How can you, as a dev, get the most out of AI tools?

How can you, as a dev, get the most out of AI tools?

How can you, as a dev, get the most out ...

  2026/01/29
Building a multi-user productivity app | Code, Commit, Deploy, Repeat (S1E1)

Building a multi-user productivity app | Code, Commit, Deploy, Repeat

Watch as we build a fully functional nat...

  2026/01/29
Can you use frameworks to build a Chrome Extension?

Can you use frameworks to build a Chrome Extension?

chrome

Explore the benefits and considerations ...

  2026/01/28
This is how I've been using AI recently.

This is how I've been using AI recently.

DevLaunch is my mentorship program where...

  2026/01/28