top | item 46784651

(no title)

jjjutla | 1 month ago

AI coding tools figured out that AST-level understanding isn't enough. Copilot, Cursor, and others use semantic indexing through IDE integrations or GitHub's stack graphs because they precise accurate code navigation across files.

Most AI security tools haven't made the same shift. They feed LLMs ASTs or taint traces and expect them to find broken access control. But a missing authorization check doesn't show up in a taint trace because there's nothing to trace.

discuss

No comments yet.