Episode #315
On the Risks of "AI-Native" Security Products and Rapid Software Development
This week on Absolute AppSec’s 315th episode, Seth (@sethlaw) and Ken (@cktricky) share their opinions on AI and AppSec, a topic that seems to evolve every day. Their popular Harnessing LLMs for Application Security training is constantly updated to cover new agents and advanced tools like Claude Code. That vigilance in teaching others to use these tools stems from concern about the naiveté of many new security products, where prompts are almost always generated by AI rather than expertly crafted and often lack essential nuance. AI companies are trying to build security products without specialized expertise, and development teams are shipping code at previously impossible speeds. Together these trends call for a strategic pivot toward hands-off AppSec workflows governed by proper guardrails and deterministic oversight. To listen to this episode, go to our YouTube channel or find us wherever you get your podcasts.
“I fear that in the short term, the players who are incentivized to be fast and loose are going to be fast and loose, and they may initially win […], but on the back end, it’s really the users or the customers that would suffer.”
A significant technical warning discussed in this episode involves a shift in how Google manages API keys, specifically those used for embedding Google Maps. For years these keys were considered low-risk: they have to ship in client-side JavaScript, so they were always public, but the worst case was minor map-related charges to the project. Google recently enabled Gemini AI access for these keys by default. This means a malicious actor could scrape a public API key from a website’s JavaScript and use it to run expensive AI queries at the organization’s expense and potentially reach sensitive private data, a problem highlighted in research by Truffle Security. This situation is a stark reminder of the arms race in software development, where Ken fears that companies are incentivized to ship software at a breakneck pace and are cutting corners on resilient design and security due diligence.
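The check a practitioner would want after hearing this, as an added example that is not from the episode or from Truffle Security’s research: pull Google API keys out of scraped page markup and build the read-only probe a tester would send to learn whether a key shipped for Maps also answers for Gemini. The assumptions here are mine, not the page’s: Google API keys have the well-known shape `AIza` followed by 35 URL-safe characters, and the Generative Language API lists models at `https://generativelanguage.googleapis.com/v1beta/models?key=<KEY>`. No request is sent, and the sample page and keys are constructed.

```python
"""Added example (not from Absolute AppSec or Truffle Security): find Google
API keys embedded in scraped markup and plan a read-only Gemini probe.

Assumptions, mine rather than the page's:
- Google API keys look like 'AIza' + 35 chars from [0-9A-Za-z_-].
- The Generative Language API exposes a list-models endpoint at
  https://generativelanguage.googleapis.com/v1beta/models?key=<KEY>; a 200
  with a model list means the key is accepted there, a 403 typically means
  the key's API restrictions exclude it.
Nothing here goes over the network.
"""
import re
from urllib.parse import urlencode

GOOGLE_API_KEY_RE = re.compile(r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])")
GEMINI_MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models"

# Constructed keys: correct shape, unrelated to any real project.
MAPS_KEY = "AIzaSyD" + "0" * 32
SECOND_KEY = "AIzaSyE" + "1" * 32

# Constructed sample of what a crawler fetches. The Maps key appears twice
# (script tag and app config), so the scanner must collapse duplicates.
SAMPLE_HTML = f"""
<script async src="https://maps.googleapis.com/maps/api/js?key={MAPS_KEY}&callback=initMap"></script>
<script>
  window.APP_CONFIG = {{ mapsKey: "{MAPS_KEY}", region: "us" }};
  const legacy = "{SECOND_KEY}";
</script>
"""


def find_google_api_keys(text):
    """Return unique key strings in order of first appearance."""
    found = []
    for match in GOOGLE_API_KEY_RE.finditer(text):
        key = match.group(0)
        if key not in found:
            found.append(key)
    return found


def redact(key):
    """Never put a full key in a report or log; keep enough to identify it."""
    return key[:8] + "..." + key[-4:]


def gemini_probe_url(key):
    """Read-only probe URL; issue a GET and inspect the status code."""
    return f"{GEMINI_MODELS_URL}?{urlencode({'key': key})}"


def probe_plan(text):
    """One entry per distinct key: what to call and how to report it."""
    return [
        {"key": key, "label": redact(key), "probe": gemini_probe_url(key)}
        for key in find_google_api_keys(text)
    ]


if __name__ == "__main__":
    for entry in probe_plan(SAMPLE_HTML):
        print(entry["label"], "->", entry["probe"])
```

The remediation that follows from a positive probe is on the Google Cloud side, not in this script: apply API restrictions so a Maps key can only call the Maps APIs it needs, and rotate any key that was accepted by Gemini.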
The unreliability of these frontier AI models is obviously frustrating to Seth and Ken. Ken mentioned a recent experience where even an advanced model repeatedly introduced “dumb” vulnerabilities like SQL and command injection into refactored code. AI tools often fail to include basic protections, such as sanitizing content before it reaches the DOM, leading to self-inflicted cross-site scripting vulnerabilities in products meant to detect those very issues. They both agree that while AI can be powerful, it lacks the deterministic reliability required for production security pipelines without constant human oversight and iterative prompt engineering to combat reasoning deficits.
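The kind of “dumb” vulnerability described above, as an added example that is not from the episode or any product Seth and Ken mention: a login query rewritten with string interpolation beside its parameterized form, run against an in-memory SQLite table of constructed users, plus the sort of deterministic gate the hosts argue for, a scanner over a constructed diff hunk that flags string-built SQL on added lines. Function names, the sample diff and the data are all mine.

```python
"""Added example (not from the episode): SQL injection introduced by an
interpolating refactor, the parameterized fix, and a deterministic diff gate.
All data, names and the diff hunk are constructed for illustration."""
import re
import sqlite3


def make_db():
    """Constructed table; passwords are stored in clear only to keep the
    query comparison short. Real code hashes them."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Untrusted input interpolated into the query text."""
    sql = f"SELECT username FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn, username, password):
    """Placeholders: the driver binds values, so input never becomes SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed injection string: closes the password literal and appends a
# tautology, so the WHERE clause is true regardless of credentials.
PAYLOAD = "' OR '1'='1"

# Deterministic gate: flag added lines where a SQL statement is built from a
# Python f-string or from a string followed by %, + or .format(.
SQL_VERB = r"\b(SELECT|INSERT|UPDATE|DELETE)\b"
STRING_BUILT_SQL = re.compile(
    rf"(f[\"'][^\"']*{SQL_VERB})"
    rf"|([\"'][^\"']*{SQL_VERB}[^\"']*[\"']\s*(%|\+|\.format\())",
    re.IGNORECASE,
)

# Constructed hunk showing the refactor that reintroduces the bug.
SAMPLE_DIFF = """\
--- a/auth.py
+++ b/auth.py
@@ -10,4 +10,4 @@
-    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
-    row = conn.execute(sql, (username, password)).fetchone()
+    sql = f"SELECT username FROM users WHERE username = '{username}' AND password = '{password}'"
+    row = conn.execute(sql).fetchone()
"""


def flag_string_built_sql(diff_text):
    """Return 1-based line numbers of added lines that build SQL from strings."""
    flagged = []
    for number, line in enumerate(diff_text.splitlines(), start=1):
        if line.startswith("+") and not line.startswith("+++"):
            if STRING_BUILT_SQL.search(line[1:]):
                flagged.append(number)
    return flagged


def demo():
    """Return (vulnerable bypass, fixed bypass, flagged diff lines)."""
    conn = make_db()
    bypass_vulnerable = login_vulnerable(conn, "nobody", PAYLOAD)
    bypass_fixed = login_fixed(conn, "nobody", PAYLOAD)
    return bypass_vulnerable, bypass_fixed, flag_string_built_sql(SAMPLE_DIFF)


if __name__ == "__main__":
    print(demo())
```

The same gate idea applies to the command-injection case the hosts mention: a pattern that flags `subprocess` calls with `shell=True` and an interpolated command string is cheap, deterministic, and catches exactly the regression a model tends to reintroduce on the next refactor.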
“[AI] is a scalpel, but it’s also a hammer that can do damage if you’re not careful about what you’ve instructed it to do.”
Looking toward broader industry trends, Seth and Ken have thoughts on the emergence of AI-centric browsers and the inherent risks of giving agents broad access to local file systems. They discuss a recent zero-click exploit against Perplexity’s Comet browser in which a malicious calendar invite, once the browser processed it, triggered an AI summary that exfiltrated local secrets and passwords. Seth and Ken express deep skepticism toward AI companies attempting to “play the security game” without the necessary expertise, arguing that building a hardened browser is an incredibly difficult task that should not be a side project. They conclude with a sobering look at the economy of the tech sector, noting that major players like Block are undergoing massive layoffs under the guise of shifting to AI-native workflows, which may be more about “AI washing” than actual technological necessity.
This episode was sponsored by Redpoint Security. Redpoint specializes in "Code Security by Coders," bolstered by years of experience testing applications and conducting code reviews against all types of apps, including AI, web, and mobile. Redpoint also offers developer appsec and secure-code training to help ground your teams in better security practices across the development lifecycle. Check out redpointsecurity.com for more information and put your company on a path to better security.
As the saying goes, March is coming in like a Unicorn all over. Seems like it’s calling for you to get ready for warmer weather in our merch store. Pick a tee-shirt, and get a size and color for yourself or friends:
If you’ve got grumblings about robots and their masters saying they’ve solved AppSec based on hype-inspired exaggerations, come hang out in our Slack. If there’s something you’d like to have Seth and Ken discuss, in addition to reminding everyone that security practitioners have an expertise that won’t be replaceable with a couple of releases, let us know there.
Stay Secure,
Seth & Ken
https://www.youtube.com/watch?v=TWM3_VHpSYc – Episode #167 - Ken Toler - Cryptocurrency, Spring4Shell – Earlier hype cycles brought their own difficulty in understanding how new industry trends interact with security practice. This episode with Ken Toler moves beyond hot takes on the cryptocurrency industry and seeks to understand the landscape.
https://www.youtube.com/live/IPCdTWXT5uQ – Episode #205 - Decline of AppSec, Death of Code Review - It appears that pronouncements about the decline and imminent death of security or key components thereof are almost as common as the announcement of breaches that highlight the need for security. In this episode, Seth and Ken take on an earlier version of the recurring diagnosis concerning AppSec.
https://www.youtube.com/watch?v=iQZgJTPM6SU – Ep. #144 - Fuzzing, Radamsa, Property Testing with Stefan Edwards – In a period of rapid development, it’s worth thinking about the domains of applications we are trying to secure. Stefan and Seth’s discussion of what fuzzing tells us about how our applications actually behave is worth reviewing in the context of what security really is beyond vulnerability discovery.
Absolute AppSec Happenings
'The attack requires no exploit, no user clicks, and no explicit request for sensitive actions': Experts say Perplexity's AI Comet browser can be hijacked to steal your passwords By Sead Fadilpašić at TechRadar – In case you missed this above, Perplexity’s Comet browser is vulnerable to a critical zero-click attack that uses malicious URLs or calendar invites to inject prompts that hijack the AI agent.
CISA urges organizations to adopt OpenEox standard to streamline asset management and curb cyber risks From Industrial Cyber – CISA is urging organizations to adopt OpenEox, a machine-readable standard for automating product lifecycle data. By standardizing End-of-Life and End-of-Support information, the framework helps defenders proactively identify and replace obsolete hardware and software. This streamlines asset management, reduces manual tracking costs, and curbs cyber risks associated with unsupported technologies.
“The current technology stack for applications is fraught with unsupported and deprecated projects and products. For custom applications, new development is key, but business-critical applications with 3rd-party dependencies and known vulnerabilities don't always get the same treatment. Having a working inventory of both applications and dependencies is key to monitoring risk and coming up with an effective strategy to disable these systems.”
Everyone Has AI. The Advantage Is in How You Distribute Agency from Samuel Tschepe — Everyone can access AI, so the competitive advantage shifts from technology to agency distribution. To win, leaders must empower employees to experiment and make decisions using AI, rather than centralizing control. Success depends on fostering a culture of trust and decentralized initiative to unlock organization-wide innovation and speed.
Upcoming Events
Where in the world are Seth and Ken?
March 21-22, 2026 - BSidesSF - Watch this space for the details regarding a panel with Seth and Ken taking place in San Francisco in March.
April 7-8, 2026 - Harnessing LLMs for Application Security - IN PERSON at Kernel Con. Come join Seth and Ken in Omaha for the Harnessing LLMs course!
April 26-27, 2026 - Harnessing LLMs for Application Security - In-person training at DEF CON Singapore. Be sure to register now if you’re looking to enhance your day-to-day AppSec processes with the power of LLM agents.
