Shift Left on Security: Empower Full-Stack Devs to Build Safer Code | Patreon
April 2, 2025

For most developers, we see securing secret keys and requiring authentication for API endpoints as basic coding, but AI won’t. The same way that someone new to the industry wouldn’t know these best security practices either. We need to treat AI the same way we treat onboarding and training interns and juniors; we need to be explicit with the requirements and create guardrails and checkpoints as far left into the process as possible. That way, the vibe can stay high as we avoid becoming the next tech meme on Reddit.
Source: Shift Left on Security: Empower Full-Stack Devs to Build Safer Code | Patreon
As the capability of (and demand for) LLM-generated code grows, there’ll be pressure to ship more and more quickly, focussing on new features and whole new products.
But as recent episodes have shown, LLM-generated code may not be as focused on security as you might hope; after all, it’s trained on a lot of code that itself is unlikely to be entirely secure.
So what’s to be done? Valerie Phoenix considers tools and approaches that can help, but above all it is about a Security-First Mindset.