Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Snyk: AI Code Assistant Runs Its Own Security Audit

Snyk
07/05/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


It's on the last step of its to-do list for this prompt. I noticed it's running its own audit. I'm using PMPM on this machine. It ran PMPM audit, and that's giving it a little bit of an advantage in the sense that it's going to read the security results for open source dependencies that PMPM provides to it. And so now what it's trying to do is address those. And I think that kind of gives it a little bit of an unfair advantage, but the fact that it knew to do that is also a nice thing. On the other hand, it'd be great if the model just chose open source dependencies that didn't have vulnerabilities in them in the first place, so that it would not have to go through this iteration of finding and fixing vulnerabilities in those dependencies.

TL;DR

  • An AI code assistant autonomously ran a pnpm security audit mid-task, demonstrating proactive security awareness without being explicitly instructed to do so.
  • The model read the audit results and attempted to fix vulnerable open-source dependencies, adding a self-directed remediation step to its workflow.
  • The presenter argues the ideal outcome would be for AI models to select vulnerability-free dependencies upfront, eliminating the need for iterative find-and-fix cycles.

Summary

This short clip captures a live observation of an AI code assistant — running inside the Cursor IDE — autonomously executing a package manager security audit (pnpm audit) as part of its own workflow. The presenter notes that the model proactively ran the audit to read open-source dependency vulnerability results and then attempted to remediate the flagged issues. While this self-directed security awareness is framed as a positive signal — demonstrating that AI agents can recognize and act on security signals without being explicitly prompted — the presenter also raises a more fundamental concern: ideally, the AI model would select secure open-source dependencies from the outset, avoiding the need for a find-and-fix iteration loop altogether. The clip is an excerpt from a longer video exploring AI code security practices, and highlights the evolving capability — and current limitations — of AI-assisted development when it comes to dependency security.

Chapters

0:00 - Task Nearing Completion
0:05 - AI Runs Its Own Audit
0:20 - Addressing Vulnerabilities
0:30 - The Ideal: Secure Dependencies Upfront

Key Quotes

0:05 "I noticed it's running its own audit."
0:11 "... that's giving it a little bit of an advantage in the sense that it's going to read the security results for open source dependencies that PMPM provides to it."
0:30 "... it'd be great if the model just chose open source dependencies that didn't have vulnerabilities in them in the first place, so that it would not have to go through this iteration of finding and fixing vulnerabilities in those dependencies."

FAQ

What did the AI code assistant do that was notable in this clip?

Without being explicitly prompted, the AI assistant ran a pnpm audit to check open-source dependencies for known vulnerabilities, then attempted to address the issues it found — all as part of completing its assigned task.

Why does the presenter call this an 'unfair advantage'?

Because the AI leveraged the pnpm audit tool's security output to inform its decisions, giving it access to vulnerability data that a developer might not have manually checked — though the presenter also sees this as a positive capability.


Categories:
  • » Cybersecurity » Application Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • AI & Machine Learning
  • Application Security
  • DevSecOps
  • Demo
  • Getting Started
  • AI code assistants
  • Open-source dependency security
  • Automated security auditing
  • pnpm audit
  • AI-assisted development
  • Vulnerability remediation
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Snyk: AI Code Assistant Runs Its Own Security Audit

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version