By Anshuman Das in VULNCON 2025

Secure by Design: Embedding Security from Architecture to AI-Generated Code

Secure by Design: Embedding Security from Architecture to AI-Generated Code
In the rapidly evolving landscape of software development, the concept of "security" has graduated from a final checklist item to a foundational architectural principle. During the recent VULNCON 2025 CXO Panel, industry leaders Dhawal Shrivastava(Senior Security Program Manager @Microsoft, Ravi Rajput(Chief Security Officer @NeoTech Solutions), and Sanjeev Jaiswal(Security Architect @Flipkart), moderated by Donavan Cheah(Senior Cybersecurity Consultant @Thales ), dissected the reality of "Secure by Design."From the evolution of simple login pages to the complexities of Generative AI (GenAI) in coding, the consensus is clear: security must shift left, align with business logic, and account for the human element.

The Evolution: Why "Bolt-On" Security No Longer Works

To understand where we are going, we must look at where we started. Consider the humble login page. Years ago, a username and password sufficed. As threats evolved, we layered on One-Time Passwords (OTP), CAPTCHAs, and hardware tokens.However, modern security cannot simply be reactive layers added after development. Secure by Design requires a fundamental mindset shift. It is the practice of implementing security from architecture and design through to development, deployment, and maintenance. As the panelists noted, the traditional "waterfall" approach—where testing occurs only after development finishes—is cost-prohibitive and inefficient. In industries like automotive or IoT, discovering a bug post-production doesn't just mean a patch; it means recalling physical vehicles and burning significant capital.

The "Shift Left" Mandate and Threat Modeling

The core of Secure by Design is the "Shift Left" strategy. This involves moving security considerations from the deployment phase (right) back to the planning and business requirement phases (left).

A critical tool in this phase is Threat Modeling. While the Threat Modeling Manifesto simplifies this into four questions—What are we building? What can go wrong? What are we doing about it? Did we do a good enough job?—the execution is complex.

Context is King: The "Pen" vs. The "Missile"

Risk assessment is subjective and must be defined by business appetite. The panel illustrated this with two contrasting examples:

  • The Pen: Designing a secure pen involves assessing risks like ink leakage or its potential use as a weapon.
  • The Hardware Token: While a hardware token offers high security for banking, it can be a single point of failure in operational technology (OT). If a soldier in a warzone or an engineer on an oil rig drops their token, they lose access to critical systems, potentially endangering lives.
🗒️
Key Takeaway
You cannot copy-paste security models. You must understand the specific business environment to determine what "secure" actually looks like.

The AI Paradox: Trust, Speed, and Vulnerabilities

A major focal point of the discussion was the integration of Artificial Intelligence in the Software Development Life Cycle (SDLC). With developers increasingly relying on tools like ChatGPT, Cursor AI, or CodeWhisperer to write code, the industry faces a trust deficit.

The Risks of GenAI Code

  • Vulnerabilities by Default: Citing Stanford research, the panel noted that up to 40% of code generated by certain AI models contained vulnerabilities.•
  • Blind Trust: Developers under tight deadlines often copy-paste AI-generated code without sufficient validation, introducing business logic flaws that automated scanners might miss
  • Data Leakage: There is the persistent risk of developers pasting sensitive API keys or proprietary code into public LLMs

The Strategy: Guardrails over Bans
Banning GenAI is not a viable solution, as it hinders speed. Instead, organizations must adopt a "Trust but Verify" approach:

  • AI as a Trust Advisor: Use AI tools that act as guardrails (e.g., SonarQube for code smell) rather than just code generators.
  • Automated Enforcement: Implement pre-commit hooks and secret scanners that block code containing vulnerabilities or secrets before it enters the repository.
  • Holistic Scanning: Utilize Deep Learning models (CNNs, autoencoders) to detect anomalies and vulnerabilities in AI-generated code that traditional static analysis might miss.

Bridging the Gap: The "People" Problem

Technology is often the easiest part of the equation; the "People" and "Process" components are where Secure by Design often fails.

The Adoption Challenge
Even when security teams provide plugins to help developers write secure code, adoption remains abysmally low—often around 10%. Why? Because security is viewed as a blocker. If a developer has two hours to push a feature, security validation is often the first corner cut.

The Solution: Top-Down Culture and Visibility
To change this, security cannot be an afterthought enforced by "villains." It requires:

  • Executive Buy-in: Management must enforce security standards, supported by dashboards that show adoption rates and secret leaks.
  • Political Alignment: Security leaders must speak the language of the business. For a bank, frame security in terms of regulatory compliance; for automotive, frame it in terms of human safety and brand reputation.
  • Collaborative Design: Security architects should be involved alongside software architects at the requirement gathering stage, not just during testing.

Conclusion

Secure by Design is not a destination but a continuous negotiation between risk, business value, and technical constraints. Whether dealing with traditional authentication or AI-generated algorithms, the goal remains the same: building systems that are trustworthy.As we integrate AI into our workflows, we must ensure that we are not just coding faster, but coding safer. This requires shifting left, empowering developers with the right tools, and fostering a culture where security is everyone's responsibility—from the developer to the CXO.