<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Defending Dev</title><description>A publication on AI-assisted secure software development. Written in good faith, weekly.</description><link>https://defending.dev/</link><item><title>Secrets in generated code</title><link>https://defending.dev/five-minute-fix/secrets-in-generated-code/</link><guid isPermaLink="true">https://defending.dev/five-minute-fix/secrets-in-generated-code/</guid><description>Assistants love a hardcoded credential. Five minutes to catch them before commit — hooks, scanner, and the prompt that prevents the habit.</description><pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate></item><item><title>The junior developer who never sleeps</title><link>https://defending.dev/blog/the-junior-developer-who-never-sleeps/</link><guid isPermaLink="true">https://defending.dev/blog/the-junior-developer-who-never-sleeps/</guid><description>Review everything, mentor the prompts, never let it merge alone.</description><pubDate>Tue, 30 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Prompt injection, for people who ship</title><link>https://defending.dev/tutorials/prompt-injection-for-people-who-ship/</link><guid isPermaLink="true">https://defending.dev/tutorials/prompt-injection-for-people-who-ship/</guid><description>A working threat model, with tests you can paste into CI today.</description><pubDate>Fri, 26 Jun 2026 00:00:00 GMT</pubDate></item><item><title>What CISOs get wrong about copilots</title><link>https://defending.dev/podcast/ep-07-what-cisos-get-wrong-about-copilots/</link><guid isPermaLink="true">https://defending.dev/podcast/ep-07-what-cisos-get-wrong-about-copilots/</guid><description>With Dana Okafor, CISO at Meridian Health.</description><pubDate>Wed, 24 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Reviewed: three SAST tools vs. assistant-written repos</title><link>https://defending.dev/reviews/three-sast-tools-vs-assistant-written-repos/</link><guid isPermaLink="true">https://defending.dev/reviews/three-sast-tools-vs-assistant-written-repos/</guid><description>We ran three leading static analysers over a corpus of assistant-generated services. The results argue for retuning, not replacing.</description><pubDate>Tue, 23 Jun 2026 00:00:00 GMT</pubDate></item><item><title>AI slop is a supply-chain problem, not a quality problem</title><link>https://defending.dev/blog/ai-slop-is-a-supply-chain-problem/</link><guid isPermaLink="true">https://defending.dev/blog/ai-slop-is-a-supply-chain-problem/</guid><description>Generated code enters your estate like a dependency — treat it with the same provenance discipline.</description><pubDate>Sat, 20 Jun 2026 00:00:00 GMT</pubDate></item><item><title>A one-page AI coding policy your board will sign</title><link>https://defending.dev/blog/a-one-page-ai-coding-policy-your-board-will-sign/</link><guid isPermaLink="true">https://defending.dev/blog/a-one-page-ai-coding-policy-your-board-will-sign/</guid><description>Scope, accountability, audit trail — on one page. Template included; adapt it this week.</description><pubDate>Tue, 16 Jun 2026 00:00:00 GMT</pubDate></item><item><title>The pentest that found nothing</title><link>https://defending.dev/podcast/ep-06-the-pentest-that-found-nothing/</link><guid isPermaLink="true">https://defending.dev/podcast/ep-06-the-pentest-that-found-nothing/</guid><description>A red-team lead on what a clean report against an AI-assisted codebase really means.</description><pubDate>Wed, 10 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Metrics that survive a board meeting</title><link>https://defending.dev/blog/metrics-that-survive-a-board-meeting/</link><guid isPermaLink="true">https://defending.dev/blog/metrics-that-survive-a-board-meeting/</guid><description>Four numbers to report quarterly, and the vanity metrics to retire.</description><pubDate>Tue, 09 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Selling &quot;yes, like this&quot; to a sceptical board</title><link>https://defending.dev/podcast/ep-04-selling-yes-like-this-to-a-sceptical-board/</link><guid isPermaLink="true">https://defending.dev/podcast/ep-04-selling-yes-like-this-to-a-sceptical-board/</guid><description>How three security leaders reframed AI-assisted development from threat to governed capability.</description><pubDate>Wed, 13 May 2026 00:00:00 GMT</pubDate></item></channel></rss>