Avoiding vulnerabilities in AI code

a16z · Beginner ·🛡️ AI Safety & Ethics ·1y ago
Dylan Ayrey (Truffle Security) on AI-Generated Code Risks

Dylan Ayrey, founder of Truffle Security, sits down with a16z partner Joel de la Garza to explore the growing security concerns around AI-generated code. As AI models take on more coding responsibilities, they introduce new risks—many of which stem from how these models were trained and aligned.

Dylan highlights real-world examples of AI-generated vulnerabilities, explains why security teams should scrutinize AI-written code just as much as human-written code, and shares best practices for developers looking to balance efficiency with safety. He also discusses the challenges of detecting malicious AI-generated code and what the future holds for automated security defenses.

Learn more:
Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data
https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data

Follow everybody on social media:
Dylan Ayrey - https://x.com/insecurenature
Joel de la Garza - https://www.linkedin.com/in/3448827723723234/

Check out everything a16z is doing with artificial intelligence, including articles, projects, and more podcasts, here: https://a16z.com/ai/

Chapters:
02:05 - How do we protect our code in the age of gen AI?
03:08 - Are any of the embedded secrets actually live?
04:46 - What is alignment?
05:37 - The Microsoft Twitter bot
06:53 - Secure coding techniques (data curation)
07:39 - Reinforcement learning
08:13 - Temperature / weight adjustments
09:17 - Data scientists and security
09:47 - The pitfalls of reinforcement learning
10:17 - Constitutional AI
12:13 - Direct analog to the security world / how to make secure code
12:45 - Why we still need constitutional AI / code review
14:16 - Is alignment making code better? Or is it just training and refinement?
15:58 - Can AI solve the coding quality problem? Do humans get removed from the loop?
19:08 - How do companies protect themselves as they continue to innov