Built-In, Not Bolt-On: Using LLMs to Achieve Secure by Design

Tuesday, October 28, 2025

2:55 PM - 3:55 PM CT

Location: Volunteer C

CPE Credits 1

Co-Speaker(s)

Swati Babbar, CISSP

Security Engineer
Amazon.com Services LLC, United States
Daphne Gerstner, CISSP

Security Engineer
Amazon.com, United States

Traditional security tooling struggles to detect business logic flaws, creating critical gaps in application security. This session demonstrates how Secure by Design principles, enhanced by Large Language Models (LLMs), can revolutionize the Software Development Lifecycle. We'll explore why conventional automated scanners fall short in identifying complex business risks and showcase how AWS Bedrock models can analyze design documentation to generate comprehensive threat models.

Through practical demonstrations, we'll illustrate how LLMs can process both high-level architecture and low-level design specifications to identify potential business logic vulnerabilities that typically evade traditional security tools.

Join us to learn how to integrate LLMs into your design phase, starting with a proof-of-concept sprint using AWS Bedrock models on your existing applications. Compare these AI-driven insights with traditional security findings and revolutionize your secure design practices.

Learning Objectives:

Implement Agentic-driven security analysis during the design phase of their SDLC, specifically using AWS Bedrock models to identify business logic vulnerabilities early in the SDLC.
Demonstrate how to translate high-level architectural documentation into actionable threat models using AI-powered tools, moving beyond traditional automated security scanning limitations.
Execute a proof-of-concept security assessment that combines both traditional security tools and LLM-based analysis to create a more comprehensive vulnerability detection strategy.