Big thanks to ThreatLocker for sponsoring my trip to Black Hat 2025. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal
AI is speeding up software development, but at a steep security cost. From Black Hat, Tanya Janca breaks down why most AI-generated code in her training use cases is insecure, what’s missing (input validation, hashing, safe DB calls), and how to fix it with secure SDLC, shift-left practices, and AI workflows that include RAG, policy prompts, automated checks, and reviews. She also shares lessons from Alice and Bob Learn Secure Coding, API/MCP pitfalls (like unauthenticated endpoints), and a “Minimal Viable Security” baseline so teams don’t ship risk by default. If you write, review, or attack code, this will change how you use AI.
// Tanya Janca’s SOCIALS //
YouTube Channel: / shehackspurple
Website: https://shehackspurple.ca/
LinkedIn: / tanya-janca
X: https://x.com/shehackspurple
// Books REFERENCE //
Alice and Bob Learn Secure Coding by Tanya Janca:
US: https://amzn.to/4nr9XVv
UK: https://amzn.to/41GRyLV
Alice and Bob Learn Application Security by Tanya Janca
US: https://amzn.to/46forAM
UK: https://amzn.to/3VEMHqW
// Playlist REFERENCE //
My new book, Alice and Bob Learn Secure Co…
Introducing Alice and Bob Learn Applicatio…
// David’s Social //
================
Connect with me:
================
Discord: http://discord.davidbombal.com
X: https://www.x.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube Main Channel: https://www.youtube.com/davidbombal
YouTube Tech Channel: https://www.youtube.com/channel/UCZTIRrENWr_rjVoA7BcUE_A
YouTube Clips Channel: https://www.youtube.com/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
YouTube Shorts Channel: https://www.youtube.com/channel/UCEyCubIF0e8MYi1jkgVepKg
Apple Podcast: https://davidbombal.wiki/applepodcast
Spotify Podcast: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
SoundCloud: / davidbombal
================
Support me:
================
Or, buy my CCNA course and support me:
DavidBombal.com: CCNA ($10): http://bit.ly/yt999ccna
Udemy CCNA Course: https://bit.ly/ccnafor10dollars
GNS3 CCNA Course: CCNA ($10): https://bit.ly/gns3ccna10
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// Menu //
0:00 – Coming up
0:35 – Intro
01:23 – What Tanya’s new book covers
02:00 – Vibe Coding
03:11 – The Flaws with AI
04:28 – Start-ups on Vibe Code
05:37 – Vibe Code is Bad Code 90% Of The Time
06:45 – Should A Client Put A Vibe Code online?
09:19 – AI Is like Pandora’s Box, It’s been let out now
10:35 – MCP Servers Without authentication
13:58 – APIs In Tanya’s Book
15:10 – Personal Data exposed
16:04 – Free training & book details
17:21 – Where to connect with Tanya
17:35 – Closing & thanks
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#vibecoding #threatlocker #blackhat
