Talk recap: threat-informed guardrails for AI-assisted code (DEF CON AppSec Village)

Why a SAST rule that fires on Django will not fire on the same vulnerability when an agent rewrote the route last week. The talk walks through three live demos: a taxonomy-only guardrail set on an evolving FastAPI repo, the same set with threat-informed context, and the audit-log diff between the two.

Resources from the talk

• Slides on the VibeReview GitHub
• Demo repos with starter threat models
• Companion explainer in /learn