Tanya Janca on AI Slop, Vibe Coding, & the Future of AppSec – RedMonk
Kate Holterhoff sits down with Tanya Janca, Secure Coding and AI Trainer at SheHacksPurple, to talk about what AI is doing to application security. Tanya’s take: we’re driving a car at three times the speed limit after 25 beers. AI writes huge portions of production code, most developers were never taught to review code for security in the first place, and release velocity keeps climbing. The conversation gets into the difference between using AI to help you code and full-on vibe coding, why context collapse trips up LLMs on security decisions, and what’s wrong with bolting AI onto legacy AppSec tools instead of building new ones. Tanya also weighs in on Anthropic’s Mythos vulnerability-finding model, argues that the bug bounty economy is heading for collapse, discusses supply chain security and the future of the SDLC, and wraps by explaining Canada’s Petition E-7115, which Janca helped draft to require secure coding standards across the Canadian federal government.
Links
LinkedIn: Tanya Janca
securemyvibe.ca
securecodingguideline.com
Transcript
Kate Holterhoff (00:04)
Hello, my name is Kate Holterhoff. Welcome to another MonkCast episode. My guest today is Tanya Janca, a security expert and secure coding and AI trainer at SheHacksPurple. Tanya, thanks so much for joining me here to talk about AI Slop and security.
Tanya Janca (00:20)
Thank you so much for having me, Kate.
Kate Holterhoff (00:21)
this is going to be a fantastic conversation. Super excited to chat about all things security with an expert here. So, the way that AI has affected security, we can all agree it’s tremendous, it’s wide-reaching, everybody’s seen the repercussions of this, and it’s only accelerating, right? So this is an in-movement thing that’s happening to us all.
And I’m excited to have an expert on here augment my own understanding of this situation. I’ll just begin with some introductory information. So Tanya, can you tell us a little bit about yourself and what it is that you do?
Tanya Janca (00:57)
Absolutely. I was a software developer for about 17 years and then I switched over to the dark side and by that I mean application security. And I wanted to be able to learn as much as I could and so I started speaking at conferences so that I could get a free ticket.
And then before I knew it, I started flying all around the world speaking everywhere because when I was younger, I was also a professional musician and I did acting and comedy as well. So like I was in Rolling Stone, I played the Vans Warp tour, I did a lot of things when I was younger. So when I speak about DevOps, I jump up and down, I get very excited. And so before I knew it, I was speaking everywhere. And so it’s been 10 years of me kind of like looping the planet, speaking about security. And so basically one day someone said, hey, could you come and train our
devs, you know, could you talk eight hours instead of one? And I was like, yeah, I could talk forever on this. And so now I own a training company and I train people how to make more secure code and how to, you know, do AI a little more safely.
Kate Holterhoff (02:01)
Fantastic. Oh my God. What year were you on the Warped Tour? I mean, I attended that.
Tanya Janca (02:07)
2005 and I just did one date. I was just in New Mexico because I was a little tiny artist. But I mean I’ve played guitar a long time and drums as well.
Kate Holterhoff (02:19)
That’s phenomenal.
Yes, well, I hope you bring that up all the time, in appropriate situations and inappropriate ones, because I think that is super cool. So.
Tanya Janca (02:30)
Yeah, if people see me and they want to karaoke with me, the answer is yes.
Kate Holterhoff (02:37)
All right, we’re going to talk after this. Yes, this is—next time you’re in Atlanta, we’re doing it. Okay, fantastic. So I guess let’s set the scene here a little bit. How would you characterize the security landscape today in our AI and agentic present?
Tanya Janca (02:58)
It’s, I would say it’s sort of like we’re driving a car and we’ve had about 25 beers and we’re going three times the speed limit. That’s what I would say of how I would describe the safety right now going on around software development. We are going, yeah, basically from what I’m seeing is.
Kate Holterhoff (03:13)
Oh no. Oh my gosh.
Tanya Janca (03:19)
pretty much everyone is using the AI to write a significant percentage of the code that they release, if not all of it. And most software developers have never had any training on how to review code to make sure it’s safe. And so some of them are still reviewing it, lots of them still aren’t. And we are releasing code faster than ever before. And the security team had trouble just keeping up with DevOps. I say that respectfully, because I also…
Like when I did application...