Vibe coding is allowing even non-developers to produce fully functional web applications by using LLMs to generate code – but how secure are they?

In this episode of AppSec Serialized, special guest Bogdan Calin joins hosts Dan Murphy and Ryan Bergquist to talk about his research, which involved vibe-coding over 20,000 applications and analyzing them to learn what vulnerabilities and hardcoded secrets are most frequent.

Application security posture management (ASPM) has become a crucial pillar of AppSec programs by aggregating, correlating, and prioritizing vulnerability reports arriving from various testing tools.

In this episode of AppSec Serialized, Cenk Kalpakoğlu, founder of Kondukto, joins hosts Dan and Ryan to discuss the evolution of ASPM, how Invicti and Kondukto approach integrations, and how security can be embedded early in CI/CD pipelines. The conversation covers industry trends, automation, and lessons from Kondukto’s startup journey to its acquisition by Invicti.

Large language models are transforming software development by making it easier to write and connect code, but they also introduce serious security risks. Vulnerabilities like LLM command injection, SSRF, and insecure outputs mirror traditional web flaws while creating new attack vectors unique to AI-driven apps.

In this episode, Dan Murphy and Ryan Bergquist discuss how LLM-powered applications can be manipulated into leaking data, executing malicious commands, or wasting costly tokens. They also explain how Invicti’s scanning technology detects and validates these risks, helping organizations protect against the growing challenges of LLM security.