Scaling an AppSec program is hard enough in a traditional environment, but it gets exponentially more difficult when Sonny from Accounting decides to vibe code their own full-stack internal tool over the weekend and announces it in the company All Hands on Monday. The "Shift Left" movement promised to get in front of security breaches by thinking about security early in the development lifecycle, but AI has thrown that idea out the window. How do we shift left when teams are deploying demos in the time that it used to take to agree on basic design principles? Teams are shipping code faster than it can be reviewed and in an era when anyone who can write a mostly coherent thought can pump out an application, vibe coders are spinning up unreviewed shadow apps overnight.
The modern AppSec program has to adapt and scale without becoming a bottleneck. We have to focus on:
Automated Guardrails: Leveraging AI to secure the code that AI creates
Democratized Security: Extending AppSec to the vibe coding masses through self-service tooling.
Maintaining Quality at Speed: Using risk-based prioritization when the codebase is growing exponentially.
AppSec programs need to stop policing every line of code and start building resilient ecosystems where everyone, not just traditional software engineers, can build safely regardless of how they write their code.
Director of Production Security, Invisible Technologies
Cory leads the Production Security function at Invisible Technologies. He’s a veteran engineer and leader who has scaled security programs for both healthcare firms and hyper-growth SaaS startups. He balances a "big picture" leadership style with a genuine love for the technical... Read More →
Saturday September 12, 2026 10:30am - 11:30am CDT Swissôtel Chicago323 E Wacker Dr, Chicago, IL 60601, USA
