Your Sales Team is now a Developer
AI coding tools have made software creation accessible to anyone with a laptop, and the security implications are only starting to catch up. In this episode, Jack Cable, CEO of Corridor and former Secure by Design lead at CISA, joins Lieuwe Jan Koning to work through what organizations need to do right now, before the next incident makes it urgent.
What you’ll learn
- Why AI coding agents can introduce vulnerabilities at scale. Even the best models write insecure code 30 to 40% of the time. When an LLM produces tens of thousands of lines per day instead of a developer’s hundreds, the absolute number of flaws grows faster than any team can track.
- Why blocking AI coding tools makes the problem worse. Teams self-provision on personal accounts with zero visibility, no sanctioned environment, and no guardrails. The shadow version of this is significantly more dangerous than the controlled one.
- What systemic guardrails actually look like in practice. Standard authentication libraries, MFA enforced on external deployments, dependency management, and coding agent visibility baked in at the platform level, not bolted on after the fact.
- Why agentic AI security is a different category of risk entirely. An autonomous agent with access to your systems and exposure to untrusted data operates without an adequate security model today.
Your cybersecurity experts
Lieuwe Jan Koning
Co-Founder and CTO
ON2IT
Episode details
Jack Cable spent years finding vulnerabilities across some of the most secure systems in the world, and what he kept finding was never sophisticated. Authorization flaws. Insecure direct object references. Logic errors that no scanner at the time could detect.
The insight that drove him from bug bounties to CISA was the same one that makes AI-generated code so alarming: AI makes the same preventable mistakes, just faster and at far greater scale.
AI coding agents have done something genuinely new in the history of software development. Anyone in any department can describe what they want and receive working code in return. Sales teams are building internal tools. Marketers are automating workflows. Operations managers are deploying applications that touch real customer data, with no security background and no awareness that what they are doing constitutes software development at all.
Research benchmarks show that even capable models introduce vulnerabilities between 20 and 40% of the time, and the attack surface is growing in ways that most security teams are not yet tracking.
The right response is not restriction but infrastructure. Company-managed accounts so every session is visible. Platform-level mitigations that make the secure path the easy path. Different guardrails for different risk profiles. And on agentic AI: the security model does not yet exist, and organizations should treat vendor claims to the contrary with serious skepticism.