Trust and Traceability: Developer Observability in the AI-Powered SDLC -- Matias Madou
Author: OWASP London
Uploaded: 2025-10-13
Views: 96
APOLOGIES FOR SOME SOUND ISSUES IN THIS VIDEO
"Trust and Traceability: Developer Observability in the AI-Powered SDLC - Safeguarding the enterprise with superior AI risk governance" - Matias Madou, Ph.D.
By 2026, more than three-quarters of developers are using AI coding tools in their workflows, often without AppSec oversight, exposing a growing security skills gap as they struggle to identify and mitigate AI-generated vulnerabilities. While fears of developers being replaced are overstated, the enterprise attack surface has expanded, demanding that CISOs evolve their programs with stronger governance, developer observability, and precision AI risk management. In this session, Dr. Matias Madou will share AI experiments and CISO research to outline pathways for world-class security leaders to empower developers through tailored training, upskilling, and security-first practices. Key themes include comparing AI versus human coding and its impact on security maturity, addressing AI data quality and safe pair programming, establishing developer skills baselines and benchmarks, growing critical security competencies quickly, and overcoming pitfalls of AI-driven vulnerability detection such as hallucinations, insecure code generation, and misconfiguration.
SPEAKER BIO:
Matias Madou, Ph.D.
Matias Madou, Ph.D. is a security expert, researcher, and CTO and co-founder of Secure Code Warrior. Matias obtained his Ph.D. in Application Security from Ghent University, focusing on static analysis solutions. He later joined Fortify in the US, where he realised that it was insufficient to solely detect code problems without aiding developers in writing secure code. This inspired him to develop products that assist developers, alleviate the burden of security, and exceed customers' expectations.
When he is not at his desk as part of Team Awesome, he enjoys being on stage presenting at conferences including RSA Conference, BlackHat and DefCon.
This talk was presented at the OWASP London Chapter Meetup on October 2, 2025 at Sage offices.
Presentation slides can be downloaded here: https://github.com/OWASP/www-chapter-...