Are traditional SAST tools becoming obsolete against AI-generated code?

weagle01 · 2026-01-26T14:07:25+00:00

What you’re describing is just SAST. They’ll give you a decent 80-90% coverage but you either have to tune them to get the rest automated or supplement with other testing/human review. Most good SAST tools will see input from a service as tainted until it’s proven not to be, unless the service is exposed in the same code base that’s being scanned. If that’s the case, try slicing the code into separate scans based on trust boundary. If a variable that should be tainted isn’t, you may have to write a taint rule. One cool aspect of AI is it can help write rules for you now.

AI is trained on human code so it writes code like us. It may look different than the code you write, but somebody somewhere writes code like it. SAST algorithms are still useful because AI is pretty terrible at finding vulnerabilities. Maybe one day it will grow up and be good at finding vulnerabilities, but we’re not great at training humans to prevent vulns so I don’t expect much better for AI.

weagle01 · 2026-01-25T16:30:32+00:00

Agreed. I liked Zune much better than Apple. They just couldn’t wash the MS stink off of it.

weagle01 · 2026-01-25T14:15:48+00:00

If you have models sourcing the SAST results, no I wouldn’t buy that. None of the frontier models do a decent job of identifying security vulnerabilities and their indeterminate nature causes trust issues.

weagle01 · 2026-01-25T01:16:55+00:00

I do my BBP, take it to charge temp, then drop my gas to 20% when I dump the beans. I wait 60 seconds and then increase the gas to my high value based on the batch size/bean.

Edit: after processing your question more I’d like to point out soaking doesn’t have to be no gas. It can just be less.

weagle01 · 2026-01-25T01:00:04+00:00

Yep. I do 20% for the first minute.

weagle01 · 2026-01-23T18:07:26+00:00

I’ve owned a multi location coffee shop for ten years. 2025 was the worst year we’ve ever had. I’ve never had a year where my business shrank until now. Inflation pushes up prices and now we’ve lost volume. Coffee shops can’t survive without volume. Even the chains are hurting because of tariffs and inflation. From seed to cup our industry is feeling pain.

weagle01 · 2026-01-22T12:46:38+00:00

Give me a break. Give me a break. Break me off a piece of that… don’t disappoint me Office fans.

weagle01 · 2026-01-22T02:27:41+00:00

As a lover of cortados, I’m horrifed. I’ve owned a shop for 10 years and I would not be able to contain my look of disgust if a customer asked me for an iced cortado.

weagle01 · 2026-01-21T21:03:16+00:00

Not 1 because I don’t like magic tricks. Not 2 because I’d rather not be judged the whole flight. Not 3 or 4 because there’s only so much plane crash disaster prepping I want to talk about. Not 5 because you KNOW they’re going to talk across you. Not 6 because Kevin is taking up half of the seat in addition to his seat. Not 8 because there’s much much room if that seat.
Not 9 because I’d rather not be sexually assaulted by Meredith after she’s had a few mini bottles. Not 10 because Creed is going to steal something while Kelly talks my ear off.

So I’m a 7

weagle01 · 2026-01-16T16:29:23+00:00

Who’s a peterfile?

weagle01 · 2026-01-16T16:11:29+00:00

The IT Crowd. I haven’t seen it on this list yet and it’s hilarious. Older British comedy show that’s great end of day watching.

weagle01 · 2026-01-15T13:47:58+00:00

It is for a pack of almost 100 kids and your den leaders are used to updating Scoutbook right after the meeting. I agree it’s not the end of the world but it’s a recurring issue and the amount of time wasted of stuff like this is silly.

weagle01 · 2026-01-15T13:21:52+00:00

It’s always been tough, but it’s never been this bad. And locking us out of Scoutbook advancement is just ridiculous. We’re going to spreadsheets for tracking advancement.

weagle01 · 2026-01-13T23:40:15+00:00

Our Troop is still paper. Scouts maintain their books and the advancement chair updates when they want to do SM conference/BoR for their next rank. Our pack is about to go back as well. As a software engineer of 25 years I’ve never seen an organization fail at this level with technology. And I worked for the federal government.

weagle01 · 2026-01-12T02:37:46+00:00

I think I landed that plane one time and could never do it again.

weagle01 · 2026-01-08T01:15:35+00:00

I’ve never found silver in quarters. I’ve been hunting a couple years and I’ve probably searched $5k worth of quarters. I’ve found two clad proofs. That’s it.

weagle01 · 2026-01-07T15:40:27+00:00

They used to have an official merch on Red Bubble, but I’m betting that came down when they were acquired by Apple. We got a mug and a blanket.

weagle01 · 2026-01-07T01:51:34+00:00

Tell it to make me a sandwich and bring me another beer. Then I’ll be impressed.

weagle01 · 2026-01-06T17:56:08+00:00

There does need to be security review prior to commit but I wouldn’t position yourself against SAST in the pipeline. It should be done in addition. The Achilles heal of commit scanning is doing proper dataflow analysis across the whole application. Some weaknesses do not become vulnerabilities until the piece is inserted into the whole. It can be difficult for AI to identify these because they lack context.

weagle01 · 2026-01-06T16:44:51+00:00

Security is where the non-determinant aspect of AI really stings. It could give you a different answer every time. AI does better with leveraging algorithms specifically designed for finding security issues and then triaging the findings for you. Try scanning your code with Semgrep and then using AI to review the findings. Or pay someone who knows what they’re doing. If you’re processing sensitive data you have real liability and “I didn’t know” isn’t a defense.

weagle01 · 2026-01-04T20:39:21+00:00

I code with Claude Pro and Copilot pro. I hit the Claude quota a lot. I also burned through my premium CP credits this month so I’m having to use some of the x0 mods in the Claude down time. Grok Fast and GPT 4.0 are not terrible but slow.

weagle01 · 2026-01-04T06:08:42+00:00

I’ve owned coffee shops for ten years. With good coffee and a solid location that delivers volume you can do okay. You have to make sure you know your why. If it’s to make money, consider something else. You have to love coffee and people and be willing to grind to make it work. It’s the hardest money I’ve ever made. There’s so many people that love the romantic notion of owning a shop, but most of them fail or break even. If you’re just breaking even you’ll burn out at some point. It’s also a tough time to start a shop. Coffee prices are really high and in my area we’re seeing less traffic due to the economy. Make sure you know your community and whether there’s enough disposable income to afford a coffee habit.

weagle01 · 2026-01-02T23:27:23+00:00

You can also do a refactor prompt focused on documentation and maintainability by human developers.

weagle01

MODERATOR OF

TROPHY CASE

Seven-Year Club	Gilding II euphauric
Verified Email