In the recent LinkedIn Live webinar, “Prioritizing ASPM over Traditional AppSec Testing: Effective Risk Reduction”, Colin Bell, CTO of HCL AppScan, and Chris Lindsey, Field CTO at Ox Security, had a thought-provoking discussion about the evolving role of AI in software development and application security. From the risks both are seeing with AI-generated code to best practices for integrating AI into secure development workflows, the two speakers offered useful insights into this top-of-mind subject.
AI and the Rise of Vibe Coding
A central theme of the discussion was the emergence of "vibe coding"—a phenomenon where developers rely on AI-generated code without fully understanding its logic. This intuitive approach to coding, while efficient, raises concerns about trust and validation.
In discussing AI tools like ChatGPT and Copilot that function with natural language prompts, Lindsey explained, “You now have tools that give the ability to just describe what you're looking for…and you're generating code at a much faster pace.”
The concerns with AI-accelerated development now center around the origin and security of the generated code. To ensure that AI-generated code meets quality expectations, both speakers emphasized the importance of establishing and maintaining robust development standards that include peer reviews and technical oversight.
Security Risks and Validation Challenges
Security was another critical topic covered in the webinar. As AI tools become more embedded in development workflows, there is an increased risk of AI introducing new vulnerabilities. Bell discussed the crucial need for humans to validate AI-generated code, and cited statistics showing that 58 percent of developers do not fully understand the code produced by AI.
Both Bell and Lindsey agreed that developers need to be vigilant and not assume that AI-generated code is inherently secure. As Lindsey pointed out, “AI is wrong 52 percent of the time when you're doing development.” He strongly recommended a layered approach to security that combines automated tools with human judgment to identify and reduce potential risks.
AI Serves as Junior Developer
Both speakers advocated for treating AI like a junior developer—useful but requiring oversight. Lindsey recommended marking AI-generated code and subjecting it to senior technical review. “Even though it's generated by a machine, it still needs to go through a senior tech review,” he said.
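One way to make that recommendation enforceable is to mark machine-generated changes in the commit itself and fail the pipeline when such a commit has no senior sign-off. The script below is an added example and is not code from the webinar, HCL AppScan or Ox Security. It assumes conventions the page does not specify: developers add an `AI-Generated: yes` git trailer to commits containing generated code, reviewers add a `Reviewed-by: Name <email>` trailer, and the list of senior reviewers (`SENIOR_REVIEWERS`) is maintained by the team. The commit log it parses is constructed inline so it runs offline.

```python
"""CI gate: AI-generated commits must carry a senior reviewer's sign-off.

Added example. Assumed conventions (not stated in the webinar):
  - 'AI-Generated: yes' trailer marks a commit that contains generated code
  - 'Reviewed-by: Name <email>' trailer records a human review
  - SENIOR_REVIEWERS is the team's own list of approvers for such commits
"""
import re
from dataclasses import dataclass, field

# Constructed sample list; a real team would load this from the repo.
SENIOR_REVIEWERS = {"alice@example.com", "bob@example.com"}

TRAILER_RE = re.compile(r"^([A-Za-z-]+):\s*(.*)$")
EMAIL_RE = re.compile(r"<([^>]+)>")


@dataclass
class Commit:
    sha: str
    subject: str
    trailers: dict[str, list[str]] = field(default_factory=dict)


def _last_paragraph(body: list[str]) -> list[str]:
    """git trailers live in the final paragraph of the message body."""
    paragraphs, current = [], []
    for line in body:
        if line.strip():
            current.append(line.strip())
        elif current:
            paragraphs.append(current)
            current = []
    if current:
        paragraphs.append(current)
    return paragraphs[-1] if paragraphs else []


def parse_log(text: str) -> list[Commit]:
    """Parse NUL-separated records of the form '<sha>\\n<subject>\\n<body>'.

    This is the layout produced by: git log --format='%H%n%s%n%b%x00'
    """
    commits = []
    for raw in text.split("\x00"):
        lines = raw.strip().splitlines()
        if len(lines) < 2:
            continue
        commit = Commit(sha=lines[0].strip(), subject=lines[1].strip())
        last = _last_paragraph(lines[2:])
        # Only treat the paragraph as trailers if every line is 'Key: value'.
        if last and all(TRAILER_RE.match(line) for line in last):
            for line in last:
                key, value = TRAILER_RE.match(line).groups()
                commit.trailers.setdefault(key.lower(), []).append(value.strip())
        commits.append(commit)
    return commits


def is_ai_generated(c: Commit) -> bool:
    return any(v.lower() in ("yes", "true") for v in c.trailers.get("ai-generated", []))


def senior_approvals(c: Commit) -> set[str]:
    """Emails of senior reviewers who signed off via Reviewed-by trailers."""
    approved = set()
    for value in c.trailers.get("reviewed-by", []):
        m = EMAIL_RE.search(value)
        if m and m.group(1).lower() in SENIOR_REVIEWERS:
            approved.add(m.group(1).lower())
    return approved


def check_commits(text: str) -> list[str]:
    """One violation string per AI-generated commit lacking a senior sign-off."""
    violations = []
    for c in parse_log(text):
        if is_ai_generated(c) and not senior_approvals(c):
            violations.append(
                f"{c.sha[:7]}: AI-generated change lacks senior review ({c.subject})"
            )
    return violations


# Constructed sample log: one compliant AI commit, one AI commit reviewed only
# by a non-senior engineer, one ordinary commit.
SAMPLE_LOG = (
    "a1b2c3d4e5f6\nAdd input validation to upload handler\n"
    "Copilot suggested the regex; reviewed logic manually.\n\n"
    "AI-Generated: yes\nReviewed-by: Alice <alice@example.com>\n\x00"
    "f6e5d4c3b2a1\nRefactor session cache\n\n"
    "AI-Generated: yes\nReviewed-by: Dave <dave@example.com>\n\x00"
    "0123456789ab\nBump dependency versions\n\n"
    "Reviewed-by: Dave <dave@example.com>\n\x00"
)

if __name__ == "__main__":
    for v in check_commits(SAMPLE_LOG):
        print(v)
    raise SystemExit(1 if check_commits(SAMPLE_LOG) else 0)
```

In a pipeline, feed it the real range (for example `git log --format='%H%n%s%n%b%x00' origin/main..HEAD`) and treat a non-zero exit as a blocked merge. The caveat a practitioner should keep in mind is that trailers are self-reported: the gate catches forgotten reviews, not developers who omit the marker, so it complements rather than replaces the broader review standards both speakers describe.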
Bell then turned the conversation to how HCL AppScan is integrating AI into application security responsibly, with features like RapidFix. This AutoFix and AutoTriage solution uses AI to suggest fixes but allows developers to review and approve changes. “Let's use AI in the right way, and in a way that fits with a trusted process,” he advised.
The Future of AI-Driven Development
Looking ahead, both speakers acknowledged that while the technology holds immense promise, it also demands careful controls.
Lindsey warned, “Eventually you'll just give it a story and it will generate an application for you… but who's going to validate it's right?” Bell agreed with this and again stressed the need for human oversight and strong security testing throughout the development lifecycle.
The big takeaway for developers was that they need to stay informed, continuously evaluate the tools they use, and build a culture of accountability and continuous learning. All of this is central to moving beyond coding and testing towards comprehensive application security posture management (ASPM).
Conclusion
The webinar made clear the transformative potential of AI in software development and cautioned against accepting its output on blind trust. Both speakers agreed that if development teams implement structured validation processes and treat AI as a collaborative tool rather than a replacement, organizations can harness its benefits while maintaining a robust security posture.
Visit HCL AppScan to learn more about how we are integrating AI responsibly throughout our full suite of application security testing and posture management tools.