Absolute AppSec
1.8K posts

@absoluteappsec
“The podcast for kids who cant appsec good and want to learn how to do other stuff good too.” https://t.co/LxF35l9Giw
Joined January 2018
123 Following, 1.5K Followers

Coming up at 12 Noon ET, @sethlaw is joined by @lojikil while Ken is away. Be sure to join us here: youtube.com/watch?v=ySRYhA…
Send us a DM here with an email if you'd like to be invited into the AbsoluteAppSec Slack.


vercel.com/kb/bulletin/ve… We're talking the Vercel incident first. Seth says that this is a case study into what happens when you use AI as your canvas. We're also sounding like a broken record... reminder: compliance doesn't mean you're secure.

Today on the podcast, the standard operating practice for how code gets written, reviewed, & committed is rapidly changing & affecting typical PR flows. Today, @cktricky and @sethlaw discuss, will PRs be relevant in the future? Tune in at 12 Noon ET here:
youtube.com/watch?v=PDVYAw…


And we're live! If you're eager to see us off air, there is still time to register for our Harnessing LLMs training for DefCon Singapore 2026. sg.shop.defcon.org/collections/si…

Seth and Ken are running now. Seth goes over the news on trainings (Watch training.absoluteappsec.com for further updates). DEFCON Singapore has moved the Harnessing LLMs to a larger room, so there is space for more seats. Signup here: sg.shop.defcon.org/collections/si…

Coming up any minute now, @cktricky and @sethlaw are fresh off of the Kernelcon experience and have thoughts on the state of AppSec, which we're hearing mightn't be as solved as mythic claims have suggested: youtube.com/watch?v=RzUCAX…


@_kernelcon_ @sethlaw @cktricky opensourcemalware.com/blog/axios-com… Take a closer look at the circumstances of one of those exploits here:

@_kernelcon_ @sethlaw @cktricky A big topic at these conferences this year was the concept of the One True Secure Framework; meanwhile, we've seen multiple open source packages get exploited in the past two weeks. @sethlaw thinks it's gonna get worse before it gets better

There are still some seats left at our Harnessing LLMs training in person at @_kernelcon_ on April 7th/8th. Thinking about grabbing a spontaneous spot? Go to training.absoluteappsec.com to catch us in Omaha.

Ken Johnson (@cktricky ) and Seth Law (@sethlaw ) are back from BsidesSF and RSA, and consequently, they have inklings about where ainfosec (that may not be a typo) thinks it’s headed now. Catch them at 12 Noon Eastern time here: youtube.com/watch?v=Fw4xTL…


And check out Coffee, Chaos & ProdSec podcast, finding them on your preferred listening platforms here: linktr.ee/coffeechaospro…


@_kernelcon_ Quick hit discussion on this link is that browser development is hard, and some AI companies aren't specialists in getting security right first: techradar.com/pro/security/t…

@_kernelcon_ Discussing the risks going forward of code-generation increasing at such high rates of speed with immature guardrails, both Ken and Seth are predicting some interesting times if we push the timeline out a year or so. Expect more of this type of exposure: trufflesecurity.com/blog/google-ap…

Today on Absolute AppSec, @cktricky and @sethlaw talk about Google tokens in the news, stealing creds from ai browsers, and more. Will we also learn that, like death and taxes, AppSec will always be with us? Tune in here to see at 12 Noon ET:
youtube.com/watch?v=y7Cl46…


