Session

Secure coding in the age of AI

We are seeing an explosion in the use of AI-powered applications. AI has also enabled non-technical people with no prior coding experience to write code. This is a major concern from a security perspective, because there is no guarantee that secure coding practices are followed or that the code is reviewed for design flaws, which usually require expert human oversight beyond what AI provides.

This problem becomes even more serious when you look at recent npm supply chain attacks, particularly typosquatting attacks, where malicious packages are deliberately named to look like popular libraries. AI-generated code that blindly suggests or auto-inserts dependencies without proper review can easily pull in these malicious packages, indirectly contributing to such attacks. When developers trust AI output without verifying package names, maintainers, or reputations, they increase the risk of introducing compromised dependencies into their applications.

In this talk, I will discuss common application vulnerabilities, how to prevent them, and cover foundational secure coding practices to follow during web development. I will also address how to rigorously review AI-generated code and its dependencies, especially third-party packages, before deploying anything to production.

Mariam reba Alexander

Software Engineer at Maersk

Copenhagen, Denmark
