How to Use "AI" For Security Code Reviews
In this video, I go through a demo showing how to use AI (Claude Code in this demo) to perform security code review in a way that starts with a definition of security for the codebase, by identifying the relevant threats and their suggested mitigations, and ends with finding potential security issues when these suggestions are not followed.

Blog: / how-to-use-ai-for-security-code-reviews

Hope you find it useful!

0:00 Introduction
1:57 A Mental Model for Security Issues
2:20 Category 1: Business Logic Vulnerabilities
5:50 Category 2: Source-Sink Vulnerabilities
10:36 Demo Setup: Introducing the Application
12:06 Step 1: Understanding the Architecture with AI
14:09 Step 2: Building the Threat Model with AI
15:40 Deep Dive: Insecure Deserialization via Pickle (Threat Exploration)
23:14 Step 3: Generating the Security Wiki
29:48 Step 4: Creating the AppSec Review Skill
31:49 Step 5: Running the Review on a Real Pull Request
35:55 Live Finding: Missing Authorization Checks
39:09 Key Takeaways & How to Tune the Skill
41:42 Wrap Up

#AppSec 🛡️ #ApplicationSecurity 🔐 #SecurityEngineering 🧠 #DevSecOps ⚙️ #ThreatModeling 🧩 #SecureByDesign 🏗️


