Beyond Vibe Coding: Building Reliable AI AppSec Tools

Aleatha Parker-Wood
April 17, 2026

As organizations explore AI automation for AppSec, ensuring reliable and trustworthy output becomes critical. This talk examines practical challenges in building AI systems that can consistently interpret security requirements, process engineering documentation, and produce high-quality threat models and code scanning results. We'll explore technical approaches to prevent hallucinations, handle conflicting documentation, normalize AI outputs, and validate assessments against established policies. Drawing from real-world implementation experience, we'll share key patterns for building robust security automation systems that maintain high accuracy while scaling across engineering organizations.
