Overview
Explore the security challenges introduced by AI-powered code assistance tools in this 26-minute conference talk from the Linux Foundation. Discover how AI code generation tools, while beneficial for development productivity, can inadvertently introduce vulnerabilities by suggesting insecure, misleading, or unverified dependencies due to incomplete or inaccurate context, creating new risks in the software supply chain. Examine real-world examples of AI-generated code leading to security issues and learn practical detection methods including analyzing code changes, generating AI Bills of Materials (AIBOMs), tracking unexpected dependencies, and monitoring builds for unusual behavior. Understand how to identify subtle risks such as dependency confusion by tracking package versions and changes over time. Gain insights into integrating these security checks into CI/CD pipelines without impacting development velocity, providing DevSecOps teams and developers with actionable strategies to maintain security in an AI-driven development environment.
Syllabus
Smarter Code, Sneakier Risks: Supply Chain Security in the Age of AI - Lavakush Biyani, Harness
Taught by
Linux Foundation