Generative AI and Code Security — recent developments as of June 2025
Author: Spec Again: Reinventing Modern Software Careers
Uploaded: 2025-06-16
Views: 12758
Description:
Going through several recent developments on how Generative AI is doing with code security, including a research paper, a couple of bugs and their implications, and responding to a blog post that went semi-viral.
Wrapping up with a discussion about what I think that all means for programmers going forward.
Trying something new in terms of format for the new channel - let me know what you think.
My guess is that, if I get this format down and people like it, I'll be able to get more videos out than using my old method (although I have no plans to change the @InternetOfBugs channel format).
I wrote and shot a 15-minute version of this video that looks more like my regular videos, overlaying the text from this one from time to time. Honestly, I think I like this better (although I think I could make that format work with some iteration).
Links from the video:
// Why SQL parameterization isn't sufficient by itself
// These are both bugs in PostgreSQL from the last 6 months or so:
https://www.armosec.io/blog/cve-2025-...
https://attackerkb.com/topics/G5s8ZWA...
// The Heartbleed bug I use as an example
https://www.csoonline.com/article/562...
// AI Slop Bug report against cURL
https://www.theregister.com/2025/05/0...
• this is a huge problem for cybersecurity... [AI generated bug reports]
https://hackerone.com/reports/3125832... [CURL bug report]
// AI Slop bug reports coming to a GitHub repo near you
https://github.blog/changelog/2025-05...
https://github.com/orgs/community/dis...
// AI finds a zero day
• vulnerability research just got easier (sc... [AI Finds Zero Day]
https://sean.heelan.io/2025/05/22/how...
// "A heartfelt provocation about AI-assisted programming"
https://fly.io/blog/youre-all-nuts/
// Report from beginning of the video on AI generated code safety
https://cset.georgetown.edu/publicati...
// RCE in LangFlow
• AI devs are in trouble after this..
https://horizon3.ai/attack-research/d...
https://www.cve.org/CVERecord?id=CVE-...
https://github.com/langflow-ai/langfl...
// Quote about how debugging is harder than writing the code the first time
https://www.laws-of-software.com/laws...
00:00 Intro to New Video Format
01:34 CSET Report: Cybersecurity Risks of AI-Generated Code
04:54 People's beliefs in AI are nowhere near reality
15:39 AI Slop False Bug Reports
20:43 Responding to: "My AI Skeptic Friends Are All Nuts"
51:44 AI Finds remote Zero-day in Linux Kernel
57:42 What does all this mean for programmers the next few years?