
This talk covers how a Security TPM scaled their company's security review process using AI, and shares the prompts and documentation used to guide it.
You will see how AI is being used to provide early feedback on design docs and architecture diagrams, surface and document risks, and perform code reviews. You'll see the actual prompts and documentation driving this process.
A key part of this work has been figuring out where human involvement still matters. This talk covers how the team balanced AI coverage with Security Engineer involvement, reserving engineer time for the highest-risk initiatives while using AI to handle 100% of incoming security review requests.
What you will gain from this session:
- A practical framework for AI-assisted security reviews
- Prompts and documentation you can adapt for your own team
- A clearer sense of how to balance AI and human involvement in a security review process



