Wednesday 

Room 2 

11:40 - 12:40 

(UTC±00)

Talk (60 min)

"Looks Good to Me": A Practical Guide to Handling AI-Generated Code

AI coding assistants like GitHub Copilot, ChatGPT, and Cursor are reshaping how we build software—and open source is no exception. These tools can now generate code, submit pull requests, and even review and merge them automatically. But what’s the cost?

AI
DevOps
People
Security
Testing
Tools

Open source maintainers are increasingly overwhelmed by "almost correct" AI-generated PRs that introduce subtle bugs or security vulnerabilities, or that fail to follow contributor guidelines. Meanwhile, the rise of AI-generated bug bounty reports ("AI slop") risks overwhelming maintainers and undermining the spirit of responsible disclosure, potentially pushing projects to abandon their bug bounty programs altogether.

In this talk, we'll explore a practical, security-first framework for using AI in software development and contribution workflows. I will cover guidelines from well-respected communities such as the Linux Kernel, OpenSSF and OWASP, as well as real-world (non-fictional) practices from industry leaders. We will cover how to craft AI prompts with security and compliance in mind; governance templates for managing AI-generated contributions; and strategies for handling AI-generated vulnerability reports without shutting down your bug bounty program.

Roman Zhukov

Roman is a cybersecurity expert, engineer, and leader with over 17 years of hands-on experience securing complex systems and products at scale. Currently Principal Architect at Red Hat, he leads open-source security strategy, upstream collaboration, and cross-industry initiatives focused on building trusted software ecosystems. He has built and scaled programs across security architecture, threat modeling, secure development, vulnerability management, incident response, and security education - for both engineers and senior leadership. His work spans trusted AI, privacy, compliance, and secure software supply chains. Previously, Roman led Product Security & Privacy for Data Center and AI software at Intel. He is a Security Champion for several open-source projects and an active contributor to working groups under the OpenSSF, Eclipse Foundation, and other global initiatives. Roman is also a university lecturer, startup advisor, and mentor - advocating for a practical, collaborative, and responsible approach to open-source and cybersecurity. He is an official member of CEN/CLC and ETSI standardization working groups, contributing directly to the EU Cyber Resilience Act (CRA).