The Boring AppSec Podcast Ep. 22 - Ken Johnson

In episode 22, we talk to Ken Johnson. Ken is the Co-Founder and CTO of DryRun Security, an AI-native code security company that identifies code risk like an experienced AppSec engineer without slowing down developers. Before embarking on his founder's journey, Ken was in the trenches, shaping security practices at one of the world's largest developer platforms, GitHub. He's also a respected voice in the community, known for his work in the open-source world and as the co-host of the popular Absolute AppSec podcast.

In this episode, Ken discusses the evolution of application security, focusing on the role of AI and LLMs in enhancing security practices. He emphasizes the importance of context engineering over traditional prompt engineering, the challenges of consistency and repeatability in LLM outputs, and the ethical considerations surrounding AI in security. The discussion also highlights the need for orchestration in AI applications and the future potential of AI in the security landscape.

Below are some of the key takeaways from the episode.

Key Takeaways

  • DryRun Security utilizes AI to enhance code security.
  • Context engineering is crucial for effective AI applications.
  • LLMs can augment security practices but require careful orchestration.
  • Consistency in LLM outputs is a significant challenge.
  • Ethical considerations in AI are becoming increasingly important.
  • Finding the right balance in using LLMs is essential.
  • Community collaboration is vital for advancing AI solutions.
  • Orchestration is a key factor in AI performance.
  • AI will not replace jobs but will change how we work.

We hope you tune in and, if you like the episode, please do subscribe!

