Why AI Changes the Risk Model for Application Security
As AI becomes embedded in the development process, the application security model is changing quickly. Traditional tools fall short, LLMs introduce new risks, and teams are looking for new approaches to balance security with speed.
2026-1-7 17:53:52
Author: securityboulevard.com (view original)
As AI becomes embedded in everyday development workflows, the security model for applications is shifting fast — and not always in ways teams are prepared for. James Wickett, CEO of DryRun Security, breaks down why “AI everywhere” is forcing organizations to rethink what application security should look like when developers are shipping faster than ever.
Wickett explains the gap he saw in the original “shift left” movement: despite years of effort, many security tools still don’t feel tangible or helpful to developers. Too often, the industry tried to retrofit legacy approaches — pattern matching and noisy findings — into modern pipelines, leaving dev teams overwhelmed and security teams stuck prioritizing work that may not map to real exploitability.
The conversation then turns to what makes AI applications different. Wickett argues that the moment you put an LLM into production, you change the risk model: you’ve introduced a probabilistic system that can access new data, take actions, and behave in ways deterministic tools weren’t designed to assess. That mismatch shows up in practice as high usage paired with low trust — developers may rely on AI assistants for speed, while still worrying about instability and security regressions.
Wickett also shares what teams are asking for now: clearer definitions of AI risk, reference architectures, and best-practice controls that cover issues like prompt injection and excessive agency. The goal isn’t to slow development down — it’s to evolve security alongside AI so teams can keep moving quickly without flying blind.

Alan Shimel
Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.
Alan's entrepreneurial ventures have seen him found or co-found several technology-related companies, including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles in Business and Corporate Development, Sales, Marketing, Product and Strategy.
Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.
Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.
Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience.
His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.
Source: https://securityboulevard.com/2026/01/why-ai-changes-the-risk-model-for-application-security/