Is AI making application security obsolete—or exposing new risks we don’t fully understand?

In Episode 86 of Application Paranoia, Colin Bell is joined by Rob Cuddy and Kris Duer to challenge the growing narrative driven in part by Anthropic—that AI-powered development could replace traditional AppSec.

The team explores whether AI is accelerating productivity at the expense of understanding, and what that means for developers, security teams, and organisations trying to keep pace.

They also discuss:

• Whether AI is changing how we think (and learn)
• The risks of “vibe coding” and over-reliance on LLMs
• Why AppSec isn’t disappearing—but evolving
• Key findings from the latest AppSec trends report, including AI adoption, API visibility gaps, and ownership challenges

And of course, a new term is born: confidence laundering.

Episode Summary: Application Paranoia S6EP1

In the Season 6 premiere of Application Paranoia, hosts Colin Bell, Rob Cuddy, and Kris Duer kick off a new theme: debunking the top 10 myths about application security—one myth per episode.

They warm up with some lighthearted commentary on new workplace trends like “coffee badging” and the rise of “corp core” attire before diving into a fascinating conversation with Kinny Chan, Chief Commercial Officer at Trust Stamp.

Kinny shares his unique career journey from law to the cutting edge of digital identity and privacy, explaining how electronic discovery evolved from paper documents to complex digital evidence, and the challenges of handling sensitive data in litigation.

The discussion then pivots to the core topic of digital identity in an age where emails, chats, and advanced AI can fake voices and images. Kinny highlights the critical role of biometrics—like facial, palm, and gait recognition—while unpacking the challenges of ensuring liveness and authenticity.

The conversation tackles the limitations of current authentication methods (passwords, devices, biometrics), the risks of centralized identity systems, and the promise of decentralized solutions for greater privacy and control. Kinny also introduces Trust Stamp’s innovative approach of using biometric tokens and data shards to enhance both security and user privacy.

For listeners seeking practical advice, the episode covers essential tips for protecting your digital identity: monitoring your credit report to combat synthetic identity fraud, using unique email addresses, and educating children and grandparents about the dangers of deepfakes and the importance of verification.

The episode concludes with Kinny’s emphasis on using a combination of something you know, something you have, and something you are for strong authentication—and the urgent need to keep evolving digital identity protections as technology rapidly advances.

Key Takeaways:

• Digital identity is increasingly complex due to new technologies and AI.
• Biometrics offer promise but also introduce new challenges.
• Decentralized identity solutions may offer better privacy and control.
• Practical tips: monitor credit reports, use unique emails, and educate about deepfakes and verification.

Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

In this episode our special guest is Mark Spears.

Mark is currently a Principal Security Consultant at Solis Security. Having fulfilled significant time as a network defender and vCISO dealing with writing and testing InfoSec Programs and dealing with auditors and endless reporting, he has now re-focused his time on Penetration Testing to get his fill of offensive security operations. So Red Pill or Blue Pill?

A lot of his most recent education and skill focus has been on helping companies with their Web Application security through Secure-SDLC practices including configuration of Web Application Firewalls and Zero Trust solutions. When not enjoying his work at Solis Security, he can be found practicing physical security, lock picking, social engineering, or hardware hacking. Or, out on a Harley Davidson!