
Why Your AI Code Will Be Hacked

Education

🎁 Get my secure local AI projects: https://zenvanriel.com/open-source?ref=jUaqMIWE2PY
⚑ Become a high-earning AI engineer: https://www.skool.com/ai-engineer

AI is making you code faster, but it's making the hackers trying to break your software faster too. This video breaks down the top three ways attackers are using AI right now: poisoned packages, insecure AI-generated code, and AI phishing that now beats elite human red teams, plus the concrete fix for each one. Then I show you how to turn that same threat into one of the most in-demand jobs in tech: the AI security engineer.

What You'll Learn
- The top three ways AI is making hackers faster in 2026, and the fix for each
- How a poisoned VS Code extension with 2M+ installs (NX Console) and a TanStack supply chain attack actually worked
- Why vendoring your dependencies and disabling auto-updates is the single most effective supply chain fix
- Why 45% of AI-generated code still fails security tests (71% for Java), and why that number hasn't moved in two years
- How to defend your pipeline: automated security scanning on every AI change, blocking high-severity merges, and least-access coding agents
- Why AI phishing went from 31% worse than a human red team to 23% better in two years, and why passkeys and hardware keys beat security training
- The 4.7 million person cybersecurity workforce gap and why the defensive side is badly understaffed
- How real AI security engineers got in: Johan Rehberger, Joseph Thacker, and Rich Harang
- How to start your AI security career this weekend with the OWASP LLM Top 10, Promptfoo, and NVIDIA's Garak

Timestamps
0:00 Intro: AI is making hackers faster too
0:30 Threat 1: Poisoned packages and supply chain attacks
1:52 Threat 2: Insecure AI-generated code
4:20 Threat 3: AI-powered phishing
5:41 Three threats at once, and burnout
6:29 AI security engineers to learn from
7:08 Start your AI security career this weekend

Why I Made This Video
I keep seeing engineers adopt AI coding tools without realizing the same tools are arming the attackers on the other side. I wanted to show what's actually happening and give you a path into the kind of security work companies are desperate to hire for.

Sources
Veracode Spring 2026 GenAI Code Security Report (45% of AI code fails security tests, 71% for Java): https://www.veracode.com/blog/spring-2026-genai-code-security/
ISC2 2024 Cybersecurity Workforce Study (4.7 million workforce gap): https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study

#aisecurity #aiengineer #cybersecurity #aicoding #appsec #promptinjection #owasp #phishing #supplychainsecurity #securityengineer

Connect
LinkedIn: https://www.linkedin.com/in/zen-van-riel
Community: https://www.skool.com/ai-engineer


Comments 2

olivierdrift98 4 days, 19 hours ago

LLM is the biggest security hole itself. These agents must run under a less privileged account. It is mind boggling that Claude has access to what I have access to at work.

ann_lewis 4 days, 20 hours ago

You resemble oRiginal SPIdER man 🕸️🕷️