New by me: Vibe Coding Has a Security Problem, and Shipping Code You Do Not Understand Is Not a Strategy

AI-assisted coding can absolutely help teams move faster. It can also help them ship weak access controls, insecure defaults, risky dependencies, and code nobody on the team can confidently defend.

I wrote about why that matters and why review still matters just as much as speed.

https://www.kylereddoch.me/blog/vibe-coding-has-a-security-problem-and-shipping-code-you-do-not-understand-is-not-a-strategy/

#Cybersecurity #AppSec #AI #SecureCoding

⚙️ Technical Spotlight: New Session at BSides Luxembourg 2026

𝗛𝗢𝗪 𝗦𝗘𝗖𝗨𝗥𝗘 𝗜𝗦 𝗦𝗘𝗖𝗨𝗥𝗘 𝗖𝗢𝗗𝗘 𝗚𝗘𝗡𝗘𝗥𝗔𝗧𝗜𝗢𝗡? 𝗣𝗨𝗧𝗧𝗜𝗡𝗚 𝗧𝗛𝗘 𝗟𝗟𝗠𝗦 𝗧𝗢 𝗧𝗛𝗘 𝗧𝗘𝗦𝗧 – Melissa TESSA

A sharp 5-minute lightning talk challenging the assumptions behind AI-assisted coding. As developers increasingly rely on LLMs, this session exposes how “secure-by-design” claims often break under realistic conditions.

Through adversarial testing and real research insights, discover how LLMs can introduce hidden risks—from fragile evaluation methods to slopsquatting attacks via hallucinated package names. A must-see for anyone building or securing modern software with AI in the loop.

Melissa TESSA is a doctoral researcher at the University of Luxembourg’s SnT, working at the intersection of AI, software engineering, and cybersecurity. Her research focuses on enabling large language models to generate secure code—and uncovering where they fail.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #LLMSecurity #SecureCoding #CyberSecurity #AI

NoSQL Injection Attacks: MongoDB, CouchDB, and More – NoSQL injection

In this article, I cover how NoSQL injection works, common attack vectors, and practical mitigation techniques.
https://denizhalil.com/2025/12/23/nosql-injection-attacks-mongodb-couchdb/

#CyberSecurity #NoSQL #MongoDB #CouchDB #WebSecurity #AppSec #Injection #InfoSec #Pentesting #RedTeam #BlueTeam #securecoding

The security implications of "Tokenmaxxing" cannot be ignored. As code churn increases by 800%+, the window for technical debt - and potential vulnerabilities - widens. If 10-30% of AI code is being rewritten within weeks, what does that say about the initial security audit of that code?

Source: https://techcrunch.com/2026/04/17/tokenmaxxing-is-making-developers-less-productive-than-they-think/

Are you seeing more insecure patterns creeping into codebases via AI agents? Let’s discuss the risk-to-reward ratio of AI-accelerated development. Follow us for more technical analysis of the AI landscape.

#InfoSec #AppSec #CyberSecurity #SecureCoding #DevSecOps #Technadu

Firms Scramble to Secure AI-Generated Code

As AI-generated code becomes more prevalent, a pressing question emerges: how much attention should security teams give to code produced by artificial intelligence? The surprising answer: a lot, with 58% of organizations dedicating over 10 hours a month to securing it.

https://osintsights.com/firms-scramble-to-secure-ai-generated-code?utm_source=mastodon&utm_medium=social

#AigeneratedCode #CodeSecurity #ArtificialIntelligence #EmergingThreats #SecureCoding

Another session announcement for BSides Luxembourg!

💻 𝗧𝗛𝗢𝗦𝗘 𝗪𝗛𝗢 𝗗𝗢𝗡’𝗧 𝗟𝗘𝗔𝗥𝗡 𝗙𝗥𝗢𝗠 𝗖𝗩𝗘𝗦 𝗔𝗥𝗘 𝗗𝗢𝗢𝗠𝗘𝗗 𝗧𝗢 𝗥𝗘𝗗𝗜𝗦𝗖𝗢𝗩𝗘𝗥 𝗧𝗛𝗘𝗠 - Louis Nyffenegger (@snyff ) 💥

Real vulnerabilities don’t appear in isolation, they’re rooted in code, context, and human error. This session walks through actual CVEs, analyzing the code where they were introduced. You will see the patterns, assumptions, and language quirks that led to the flaw - not just the exploit, but the moment it could’ve been caught.

Louis Nyffenegger https://bsky.app/profile/snyff.pentesterlab.com is the founder of PentesterLab and AppSecSchool, application security expert, and hands-on trainer with experience at the National Bank of Australia, Australia Post, and Fitbit.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg #CVE #CodeReview #SecureCoding #PenTest #SecurityEducation #DevSecOps

Join Fabio Cerullo’s 3-Day Web App Security Essentials training ⚔️
Exploit real vulnerabilities, understand OWASP Top 10 (2025), and tackle modern risks like AI-generated code, all in hands-on labs.
https://owaspglobalappseceuvienna20.sched.com/event/2EBUO

#AppSec #CyberSecurity #OWASP #EthicalHacking #SecureCoding #Infosec