AI Engineer World's Fair Coverage
AI might seem like a magic bullet for fixing security issues, but it's not that simple, warned Eugene Yan, a member of technical staff at Anthropic, during the newly inaugurated security track at AI Engineer World's Fair. The effectiveness of AI in finding and fixing flaws is doubling every five months, he said, pointing to Mozilla releasing a 423-patch bundle in April. This was more patches than were released in all of 2025.
But while agents are good at finding and fixing flaws, the human element is still needed, say many security professionals, both to check that the AI has done the work properly and to make sure that seemingly low-risk bugs can't be strung together into a serious exploit that the AI might not spot.
To fix this, Yan proposed a six-stage program. "We found that most teams converge in approximately these six steps, and a big chunk of my thoughts will be about these," he told the crowd.
First, a threat-finding stage identifies a potential flaw and transfers it to phase two, a sandbox, to see if proof-of-concept code can exploit the issue. The third stage is a discovery phase in which the sample is checked against past issues that may have been fixed.







