Speaker:: Paul McMillan & Ryan Lopopolo Title:: Code Is Free: Securing Software Duration:: 24 min Video:: https://www.youtube.com/watch?v=U2O14Jd3MBU ## Key Thesis Security software costs nothing to build anymore — coding agents write it for free. The correct response to every security wish list is to stop waiting for vendors and just build bespoke, fit-for-purpose tooling directly in your CI/CD pipeline, driven by threat models and expertise encoded as text in the codebase itself. ## Synopsis McMillan (security engineer at OpenAI, 3 years) and Lopopolo (product engineer at OpenAI, 1.5 years) present a radically pragmatic philosophy: code is free, therefore security tooling is free, therefore the only bottleneck is encoding your expertise into text that agents and humans can consume. McMillan opens by dismissing the traditional vendor-procurement cycle: months of integration, compliance wins but stiff inflexible tooling, endless feature request queues. He argues the alternative is a simple CI security check: a text file of things you want checked, a tool call that returns 0 or 1, text explaining why. He explicitly declines to open source his implementation because "you should just ask Codex or Claude to write this integration for you, customized to your own environment." Lopopolo takes over with the product-engineering perspective. His team at OpenAI built a product with ~1 million lines of code (250,000 of which are prompts) writing zero lines manually. The core operating principle: every piece of security knowledge that exists in anyone's head, every PR comment, every AppSec review finding, every Slack message about a concern — should be encoded as durable text in the codebase, injected into agent contexts and human review flows constantly. **Threat model as living document**: Instead of a stale threat model locked in a Google Doc, check one in (have the model generate it from existing code), then validate it on every PR via a 40-line GitHub Actions YAML. Agent reviews each PR to confirm it doesn't invalidate threat model assumptions. If a material change occurs, the agent uses the GH CLI to tag the relevant human expert, explains why they've been brought in scope, and describes the specific ambiguity to resolve. Humans are invoked as tools. **Security.md as the knowledge layer**: A security.md checked into the repo encodes principles. Adding two sentences — "secure code comes from secure interfaces that are impossible to misuse" — produced measurable uplift by causing agents to generate higher-level primitives (rooted filesystem access with high-level operations) rather than error-prone low-level stitching. **Dependency scanning**: Lopopolo spent 4 hours in an afternoon background-building a bespoke dependency scanner. It forks 16 parallel agents to spider all direct and transitive dependencies, gathers repository reputation signals, recent activity, and author reputation, and publishes a daily report to an internal hosting platform. SARIF reports are pushed to GitHub Advanced Security for downstream agent consumption. The scanner cost: one 15-minute coffee conversation with McMillan to extract principles. **Supply chain hardening example**: Spotted a PR in the open-source Codex repo hardening PNPM installer policy (disabling post-install scripts). Copy-pasted the diff to Codex: "Make it." 15 minutes later, same fix applied to their codebase, plus the underlying principles (package managers are high-risk, no arbitrary code execution in CI, human review for exceptions) encoded as durable documentation that feeds all downstream agents. Token budget is roughly 50/50 between producing code and refining/validating it, all coordinated asynchronously through GitHub. For insider risk / prompt injection bypass concerns: use multiple independent agents checking each other's work; the same prompt injection that works on a dependency-update agent likely won't work on a behavioral anomaly detector. ## Key Takeaways - A security check is just: text file of requirements + tool call returning 0/1 + CI integration — takes minutes, no vendor required - Every AppSec review, PR comment, and Slack concern should be encoded as durable text in the codebase, not lost in ephemeral threads - Threat models checked into the repo and validated on every PR are achievable today with ~40 lines of YAML - "Humans as tools" — tag experts into agent workflows only when genuine ambiguity requires human judgment - Bespoke vibe-coded lints that catch specific vulnerability classes are free and should be shipped without requiring platformization - Supply chain principle documentation enables agents to correctly evaluate dependency PRs — not just blindly apply fixes - 50% of token budget goes to validation/refinement, not just generation ## Notable Quotes / Data Points - ~1 million lines of code built writing zero lines manually (250K are prompts) - Dependency scanner built in 4 hours in a background terminal tab - Scanner forks 16 parallel agents per scan run; runs daily in CI - 15-minute coffee conversation sufficient to extract and encode dependency security principles - "Every Slack message you've ever sent to let an engineering team know they're not operating the way you need — reply to it at Codex. Make it so." - "Code is free. Software doesn't cost anything to build anymore. And the secret is that includes security software, too." - "Stop wishing for security guardrails. Just do them." - "Tokens are cheap. Throw an agent at it." #unprompted #claude