Go's tooling ecosystem is evolving beyond simply finding problems to automatically fixing them, but security analysis has lagged behind. In this session, we'll explore a new AI-ready taint analysis engine for gosec that traces untrusted data across an entire Go application, accurately detecting vulnerabilities such as SQL injection, command injection, path traversal, SSRF, XSS, and more.

Attendees will learn how SSA- and call graph-based analysis makes data flow tracking practical in Go, how these techniques dramatically reduce false positives, and how the same architecture can power automated and AI-assisted remediation. See where Go security tooling is headed: from detecting vulnerabilities to tracing, understanding, and fixing them before they reach production.