Securing the Agentic SDLC

In this episode of Resilient Cyber, I sit down with Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, to unpack what application security looks like as AI moves from copilot to autonomous teammate across the software development lifecycle.

We dive into:

🤖 AI's accelerating impact on AppSec and the SDLC – and the productivity-versus-risk equation now that agentic coding tools are shipping code at machine speed

💥 The "Vulnpocalypse" – the explosion of CVEs, AI-generated code, and the widening gap between vulnerability discovery and remediation capacity

🛠️ Whether legacy AppSec categories like SAST, DAST, SCA, and ASPM can keep pace – or are being fundamentally reinvented for an agentic world

🎯 The rise of autonomous pen testing and offensive security agents (XBOW, Project Naptime, Project VAIL) and what it means when offense scales faster than defense

🔗 How agentic development is reshaping software supply chain risk – from hallucinated packages to MCP server integrity and the provenance of code no human ever wrote

🏛️ Governance models for AI-generated code, the evolving AppSec team of the future, and what CISOs should be prioritizing right now

📈 Katie's predictions for where AppSec, software supply chain security, and the SDLC are heading over the next 18-24 months

Whether you're an AppSec practitioner, security leader, developer, or just trying to make sense of how AI is reshaping software security – this conversation is packed with insights you won't want to miss.

🔔 Subscribe for more conversations on cybersecurity, AI security, and the future of resilient software.

#Cybersecurity #AppSec #AISecurity #DevSecOps #AgenticAI #SoftwareSupplyChain #ResilientCyber
