Authenticated dynamic application security testing has never scaled cleanly. Every application implements login differently, and the bespoke scripting required to get a scanner past authentication breaks the moment a feature changes. Agentic AI development compounds this directly: code ships continuously, applications mutate faster than security scripts can be maintained, and the window for testing collapses toward zero.
In this interview on TFiR, Dylan Thomas, Senior Director of Product and Engineering at OpenText, breaks down how Fortify DAST Aviator uses a combination of deterministic heuristics and LLM inference to automate login macro creation, self-heal authentication scripts as applications change, and bring authenticated DAST within reach of full DevSecOps pipeline integration.
Guest: Dylan Thomas, Senior Director of Product and Engineering at OpenText
Show: TFiR
Here is what every AppSec engineer, DevSecOps practitioner, and security architect needs to know.
Technical Deep Dive
Q: How is AI changing the velocity of software development and what specific pressure does this create for AppSec teams?
Dylan Thomas, Senior Director of Product and Engineering at OpenText, describes the shift as a sea change arriving in several waves. The most visible impact is volume: the pace of code production has accelerated sharply, particularly as agentic workflows have gathered momentum, and this stress-tests any process that lacks automation. A subtler pressure is the change in developer experience expectations, shifting engineers from writing code to reviewing code, which forces AppSec to rethink how it integrates with development organizations. For DAST specifically, the core problem is configuration drift: applications change so rapidly that maintaining a valid test configuration becomes a persistent blocker on scaling.
“Agentic workflows really gather steam that stress tests our existing processes. It’s exposed the weaknesses where we don’t have automation, you simply cannot scale.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: How should developers, executives, and AppSec teams adapt to AI-driven development rather than resist it?
Thomas argues the industry must embrace AI within application security tooling itself, not just within development. As vibe coding and non-technical contributors expand the developer population, the assumption that users arrive with secure coding instincts no longer holds, and AI must compensate for that gap at scale. The user experience of AppSec tooling must be reimagined for autonomous agent workflows rather than individual developer integrations. Thomas is clear that fully autonomous security built into the development process is not a present reality, but identifies it as the directional goal if AI is applied intelligently.
“We are absolutely not there as an industry yet. Anyone who says you are is probably taking a very simplistic view of it. But that’s the direction the industry is pushing towards.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: Why has authenticated DAST historically been so difficult to scale?
Thomas traces the root cause to the absence of a standard login implementation across applications. Organizations build authentication using web forms, certificates, multi-factor flows, and proprietary mechanisms, meaning every application requires a bespoke automation script to get a scanner past the login boundary. Those scripts are expensive to write, require tool-specific expertise, and break whenever the application changes. The same security controls designed to block attackers, MFA, certificate-based auth, adaptive login flows, also block scanners, making unauthenticated scanning insufficient for finding vulnerabilities in the areas that matter most.
“There’s no one way of handling login. The things that try to make it hard for an attacker to get in also make it very hard for automated scanning technologies to get in.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: How does Fortify DAST Aviator use AI to automate login macro creation and eliminate the authenticated DAST onboarding bottleneck?
Fortify DAST Aviator combines deterministic heuristics that OpenText has refined over years of DAST development with LLM inference to handle the edge cases where application login flows deviate from expected patterns. The result is that authentication onboarding, which previously required hours of manual scripting and tool-specific knowledge, can now complete in seconds. Critically, as the application changes, Aviator can recognize the change and self-heal the authentication script rather than requiring a manual update cycle. Thomas frames this as the capability that finally moves authenticated DAST from a red team and pen tester tool into something that can be integrated at scale across DevOps pipelines alongside SAST and SCA.
“With LLM AI technology we can get the full way there. Instead of spending hours onboarding every single application, we can now have AI do that in seconds and then as the app changes, it changes with it.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: What are customers and partners saying about AI sovereignty, data privacy, and geopolitical risk as it relates to AI-powered security tools?
Thomas confirms a clear trend toward data sovereignty requirements, building on frameworks like FedRAMP, Canada Protected B, IRAP in Australia, and newer European data regulations. Hardware availability from hyperscalers has been a practical constraint in expanding sovereign AI deployments, and OpenText addresses this through cross-region inference arrangements with major cloud providers. Thomas also notes that over the past year, enterprise pushback on AI tooling has decreased meaningfully as organizations have built more mature AI governance and vendor controls processes, which benefits security tool vendors who can align with those existing frameworks.
“As organizations have become comfortable with AI, there’s a lot less pushback. They’ve started to build more mature processes around vendor and AI governance controls, which means we can kind of ride the coattails on those as a vendor.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: How does OpenText address security, privacy, and trust when applying AI to its own application security products?
Thomas identifies inference-only architecture as the foundational design choice. OpenText uses frontier models through hyperscaler partnerships for inference and does not use customer data to train AI models. Under inference-only operation, data is not retained by the hyperscaler or model provider after processing. On the OpenText side, Thomas describes explicit policies against retaining sensitive customer data outside of active processing, communicated through both product design and contractual terms. He frames transparency around data handling as non-negotiable when working in the security domain, where sensitive data is by definition what is being processed.
“When you want to work with security topics, you’re going to be processing sensitive data. Demonstrating clear transparency around what you store and what you don’t, and giving those terms back to customers in a very transparent way, is absolutely crucial.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: Beyond login macro creation, where is AI having the biggest impact on the broader application security testing workflow?
Thomas points to two areas. The first is AI-assisted remediation, covering the full workflow from triage to fix, which has already seen strong industry adoption. Developer backlogs of security findings have always outpaced available capacity to address them, and AI is being applied aggressively to reduce the time from detection to resolution. The second and more recently emerging area, accelerated by the public emergence of models like Anthropic’s Claude Opus-class systems in early 2024, is AI-assisted vulnerability detection itself. Thomas is careful to frame this as an additive tool in the AppSec belt rather than a replacement for existing SAST, DAST, and SCA capabilities.
“We firmly believe it doesn’t replace the tools we have as part of the AppSec tool belt, but it’s this really new powerful one that we have to add to our toolbox.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: How crucial is it that defenders have access to the same powerful AI models that attackers can use to find vulnerabilities?
Thomas is direct: game theory makes withholding AI capabilities from defenders self-defeating, because threat actors will acquire those capabilities regardless. His more nuanced point is that the capability gap between frontier models and widely available models like Sonnet or GPT-class systems is not uniform across all tasks. He observes that frontier models show their largest step-function improvements in exploit validation and generation against sandbox environments, rather than in raw code analysis, meaning organizations do not necessarily need access to the most restricted frontier models to achieve strong AppSec outcomes. Thomas also warns that concentrating advanced tools only in large organizations shifts attacker focus to weaker points in the supply chain, making broad access a systemic security concern.
“If we equip only the largest organizations with the most powerful models, that will simply shift the focus in the supply chain for vendors who may not meet that tier. We’ve got to provide solutions that help everyone up level their security.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: What is next on OpenText Fortify’s roadmap and what emerging threats is the team investing in?
Thomas identifies post-quantum cryptography readiness as the next major investment area for the Fortify organization. OpenText has been working with customers in the public sector and financial services since late 2024 on building inventories of non-quantum-safe cryptography usage across their codebases, driven by government mandates and harvest-now-decrypt-later threat concerns. Thomas describes this as a risk-bounded prioritization challenge: current cryptographic algorithms are acceptable today, but organizations need to begin cataloguing their cryptography debt now to be positioned to migrate to quantum-safe algorithms when the transition becomes mandatory. He frames this as a significantly more nuanced problem than traditional weak cryptography detection.
“We’re going to hit a point in the future where a light switch goes on and all of a sudden these algorithms are not safe. We need to help customers on the bleeding edge get ready for that next technology breakthrough.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Q: What cultural and process changes do organizations need to defend against multimodal prompt injection and AI-native social engineering attacks?
Thomas cites documented research showing prompt injections embedded in white-space characters within documents, illustrating that these attack vectors are not theoretical. His framework for organizational response operates at three layers: data sensitivity classification and encryption controls applied before a document reaches an agent, identity and permission controls governing what agents are authorized to act upon (treating agents as a new class of identity equivalent to service accounts), and securing the applications that interact with data and build agents. Thomas emphasizes that the underlying technologies already exist across the traditional security stack and the work is to extend and integrate them to account for agents as a new identity class.
“Agents are really just an extension, or potentially a new class of identity. The entire area of securing the permissions and controls of what agents can act upon is absolutely key.” — Dylan Thomas, Senior Director of Product and Engineering, OpenText
Resources & Documentation
- OpenText Fortify DAST Aviator, AI-powered authenticated DAST with automated login macro creation and self-healing authentication scripts
- OpenText Fortify Static Code Analyzer, static application security testing referenced as part of the integrated AppSec pipeline
***
👇 Click to Read Full Raw Transcript
Swapnil Bhartiya: As we all know that AI is no longer just an experiment, it is in production. While it speeds up coding, the byproduct is that it also floods us with code and vulnerabilities. As Linus once told me, where there is a code, there will be bugs. And there is no way AppSec teams can keep up with this new Velocity. Every AI generated feature needs immediate security testing and traditionally validating authentication flow took days of manual scripting. Now AI agents are writing and shipping code around the clock, leaving teams almost no time to audit. And to solve this problem, OpenText just launched Fortify Dash Aviator using AI to automate login macro creation and break that very bottleneck. And joining us today is Dylan Thomas, Senior Director of Product and Engineering at opendex Dialan. It’s great to have you on the show.
Dylan Thomas: Thanks so much. Pleasure to be here.
Swapnil Bhartiya: Before we dive into the solution, let’s understand the problem. How is AI changing the pace and velocity of software development and what specific challenge is this creating for AppSec teams today?
Dylan Thomas: It’s a sea change and it’s come in several different waves. As you’ve very clearly highlighted the volume of code and the pace of code has just continued to accelerate, particularly over the past even six months. As we’ve seen, agentic workflows really gather steam that stress tests our existing processes. Right. So it’s exposed the weaknesses where we don’t have automation, you simply cannot scale. And that’s probably the most obvious and visible. Some of the more subtle things as well are though, is that it’s changed the expectations around user experience. There’s a lot of talk in the industry about how the coding experience evolves for a developer from right writing code to reviewing code. And that also trickles down into the way that AppSec has to work with development organizations to streamline that user experience and then probably even more like the next wave on the horizon. Right, is as you also alluded to with Fable and Methos and these next generation models, the pressures that are going to be coming down for speed of response, for the defenders to respond to the new CVs attackers, is only going to accelerate if we look at dast in particular though, the pace of these changes really does break several of the long standing bottlenecks of scaling dast, which is that point of how do I maintain a good configuration of testing my application when my application is constantly changing? It’s evolving so rapidly and that’s just always been a natural blocker on scale.
Swapnil Bhartiya: Thank you for explaining that. There’s a lot of Fear, uncertainty and doubt in the media. But AI is here to stay. Just like the shift to cloud N and microservices, the industry will adapt. The fact is that AI is even democratizing development so non technical teams can write small apps, which is a major shift in the way we use to create software. Can you talk about how our developers, executives and AppSec teams look at these changing dynamics? How is the industry reacting to this and how do you feel the industry need to adapt to this new AI
Dylan Thomas: reality instead of fighting it in several key ways? So one of those is embracing AI and how we build application security solutions. So looking at the things that didn’t scale when we had a smaller group of maybe focused, experienced software developers who knew all the things they were supposed to be doing with secure coding, which maybe they didn’t always do. Right. But at least had an inkling of that. As we scale to those other audiences and non technical fields with vibe coding and so forth, we definitely have to leverage AI to meet users where they’re coming because they don’t come with that inherent training and skill set that we could always count on in the past and maybe relied upon. That drives us to really use the AI to work with the autonomous aging workflows. It speaks to the need to kind of reimagine the user experience. Right. Instead of ask it, thinking of a developer, I need to integrate this with the CI pipeline. Now how do I integrate my AppSec testing with an autonomous coding agent? Right. And that’s something that can then be scaled out across not just the software teams, but also across, you know, other stakeholders who may be embracing more vive coding style use cases. Even when we do about integrating. Right. Some of the testing modalities, it’s important that we’re properly applying AI to solve those long standing bottlenecks. You know, even development organizations want to get to this world where good secure code is just a product of the requirements they input. To do that, we’ve got to continue the march towards autonomous kind of autonomous security built in. We are absolutely not there as an industry yet. Anyone who says you are is probably taking a very simplistic view of it. But that’s the direction that the industry is pushing towards and over time we have a path to get there if we use AI intelligently.
Swapnil Bhartiya: Very well said. Let’s look at the authenticated dast. Why has it historically faced so many difficulties when scaling and how does fortify dast Evator uses AI to accelerate that onboarding process so teams don’t lose that
Dylan Thomas: velocity part of that, starting with the reason of why Dask testing has always been kind of started as the province of red teams and pen testers. Because every application is so different and in order to get a clear view of the app, typically the valuable personal information and sensitive data is typically contained behind a login of some sort. In many applications, that’s the crown jewels. Now you’ve got to be able to get to those crown jewels to see how they could be pulled out by an attacker or manipulated in unintended ways. If we look at the ways that organizations build apps, there’s no one way of handling login. There are things like putting your information on a web form, there’s using certificates. Over the years we’ve expanded to really drive towards multi factor authentication. All these things that try to make it hard for an attacker to get in also make it very hard for automated scanning technologies to get in and for good purposes assess the application. So to get around that, we’ve developed automation techniques. But those are typically complex and very bespoke to each software application to implement and then maintain. That’s been our traditional problem and now it’s only exemplified and exacerbated by the pace at which apps are evolving, which then changes that carefully curated automation scripting to break because you added a new feature or changed XYZ functionality. That’s where leveraging AI is so powerful. Because we’re able to combine both deterministic heuristics that we’ve used for years with the massaging capabilities of an LLM to understand the edge cases of where things might move around a little bit to automate that process. So we can, you know, between the combination of traditional technology and algorithms and AI, we can actually automate that onboarding process finally, right? It’s we could get close without AI, but with LLM AI technology we can get the full way there. So instead of spending day some hours onboarding every single application and needing to know tool specific knowledge, we can now have AI do that in seconds and then as the app changes, it changes with it, recognize that and can self heal itself. That’s something that allows you to take a technology that may have been somewhat limited in time and scope to pen testers or to maybe a small red team or maybe just security champions and actually integrate it at scale across DevOps pipelines, much the way we have with source code analysis or static analysis or software composition analysis for open source components.
Swapnil Bhartiya: Can you talk about what kind of conversations are you having with customers and partners around privacy trust and given the whole Geopolitical landscape where we are talking a lot about AI sovereignty. As you know, with Fable and before that we saw with Mythos, models are being restricted for purely political reasons. And then there are new regulations like CRA in Europe. The point is that the bar is getting higher and higher, especially for compliant industries. What are you hearing from the ecosystem in general?
Dylan Thomas: You’re absolutely right. We see that same trend towards data sovereignty and kind of what was pioneered by FedRAMP and and other the Canada protected B IRAP in Australia and now with some of the data sovereignty regulations coming out of Europe, that’s only increasing. Right. So at a macro level, you’re absolutely right. One of the challenges when it comes to AI capabilities specifically has just been availability of hardware, as everyone is very much aware. And that’s something where we work very closely with many of the hyperscalers for us and as do everyone else to try to figure out how can we get our shares the pie and leverage techniques like cross region inference and so forth. You know, as we work with organizations, I will say over the past year, as adoption of AI has matured, there’s a lot more, I think, or a lot less pushback. Just as organizations have become, you know, comfortable with AI, maybe it’s through AI coding agents that has a trickle through effect in other tooling where they’ve started to build more mature processes around, you know, vendor and AI governance controls, which means we can kind of ride the coattails on those as a vendor, I think. And that’s very important because whether it’s our product or any product, you can’t be blazing a trail and be the only one trying to solve the AI governance solution. So as everyone matures, we want to be locked up with that.
Swapnil Bhartiya: Building on that, how exactly is OpenText addressing these concerns around security, privacy and trust when applying AI to your own application security tools?
Dylan Thomas: So in addition to really scaling out our private and sovereign cloud offerings, one of the biggest challenges we’ve had is kind of, I think just some of the education the way we’ve architected our solutions, we intentionally focus on inference and leveraging the frontier models. That’s been a part of our go to market strategy and in particular in conjunction with the hyperscalers. And that does two things. One is it helps us, you know, kind of clarify our position that we will never use, we’re not using customers data to train an AI model. Right. That was oftentimes a fear, especially of legacy ML based systems. Right. So when we’re doing technologies and techniques like inference, only data is not retained by the hyperscaler or model provider. And similarly, on our side, we’re very transparent about our policies around not retaining sensitive customer data outside the processing. Right. So you know, the reality is when you want to work with security, security topics, you’re going to be processing sensitive data and, and demonstrating clear transparency around what you store and what you don’t. And giving those terms back to customers in a very transparent way, both through product design and through contractual mechanisms is absolutely crucial. And that’s a key part of a lot of the governance processes that we observe as we work with customers rolling out these technologies.
Swapnil Bhartiya: Excellent. Beyond login metro creation, where else do you see AI having the biggest impact on the broader application security testing workflow right now?
Dylan Thomas: I guess I can’t say everywhere, can I? I’ll pick two here. The first of those, which we’ve already seen extensive traction in the industry, is around the remediation workflows for many years in application security and really software development. Right. If you’re asking a developer, there’s never been a lack of security findings that are on their plate and backlog to the biggest bottleneck has always been how to actually triage those and then fix the ones in an expeditious fashion. Right. So you’re still shipping features you need to ship. Both ourselves and the industry at large is focused very heavily on leveraging AI and that from that full suit from triage to remediate workflow. And teams are really aggressively adopting that at an industry level too. So that’s been one big macro trend, the other new, more rapidly emerging one since early April and a lot of the hubbub around ethos kind of became public. Right. Is the vulnerability detection piece. So really adding a new tool, I would say in the Security DevSecOps tool belt of how can we find vulnerabilities? We firmly believe it doesn’t replace the tools we have as part of the AppSec tool belt, but it’s this really new powerful one that we have to add to our toolbox and that’s really the next wave that, you know, defenders you need to be ready for to use to proactively find, you know, new novel issues in their code and the open source that they utilize as well.
Swapnil Bhartiya: This question might be a bit controversial, but it is important one. We’re seeing incredibly powerful AI model emerging these days because they can easily spot vulnerabilities. The old security by op security model is totally dead because bad actors can use those tools to find those vulnerability. But that doesn’t mean we should not develop those models. If one company doesn’t develop it, someone else will develop it and then there is a whole open source which you cannot and should not control. Either way, as a woodworker I always say don’t fear powerful tools, always respect them. We should put guardrails in place, but we should not put gates or we should not stop building those tools. If I may ask you, from a security standpoint, how crucial is that defenders have access to these powerful AI tools to find vulnerabilities before the bad actors do?
Dylan Thomas: It’s a fantastic topic and very topical, right? I mean, if game theory in the past has taught us one thing, if you pretend that threat actors won’t get a hold of something, then you’re just diluting yourself. Right? So we have to make sure that we’re equipping defenders with tools, right? And sticking our head in the sands in industry isn’t going to, you know, solve that. Now that being said, guardrails are absolutely important. We spent a lot of time with hands on feeling this out. One of the things that we’re observing with the next generation frontier models is that there are certain areas that we’ve seen them kind of maybe really lean ahead in. So areas like actual exploit kind of validation and generation of true exploits of sandbox apps, we’ve seen probably a bigger step function as opposed to raw code analysis. So you know, we almost need to look at breaking down the capabilities at a little bit lower functional level to see where, where are we seeing real disruptive capabilities with a fable or a Mythos compared to an Opus 4.8 for example, or a GPT 5.5 which are extremely capable models. The approach that we’re also taking is one that as we speak to the broad industry, regardless of that there’s a wide, wide group that needs access to these capabilities otherwise they’re going to become the targets of threat actors. Right? The threat actors will always go to the weakest point. So if we equip the largest organizations with the most powerful models, that will simply shift the focus in the supply chain for vendors who may not meet that tier. So we’ve got to provide solutions that help everyone up level their security. We’re seeing a lot of opportunity currently at the kind of the harness and orchestration layer using publicly available models like Sonnet, like I said, like the latest GPT 5.5, the opuses, the latest Gemini models, with the proper harness plugged into a high functioning AppSec program, you can achieve incredible outcomes even without using a fable or mythos and we think that’s a really important vector that we can be pressing on kind of independently from any of the political or other factors that are outside of not just our control, but the average appsec and development organization’s control.
Swapnil Bhartiya: We can’t just sweep these issues under the rug. We need to talk about those. And the fact is that things are moving fast. And I always say that as defenders you have to be right 101% of the time, whereas bad actors have to be right only once. Can you talk about what else are you folks working on to help organizations keep up with this space and also keep their workloads secure? I mean, of course you cannot disclose too much, we’ll talk about it when it’s ready for press. But just tease us, tell us what’s next in your roadmap.
Dylan Thomas: AI has been the forefront of everyone’s mind and taking up all of the breath in the room. But there’s a small sliver that I think has never left which is around the next big disruptive wave to hit, software development, which is going to be post quantum readiness. Right. That in and of itself, itself is not a hot take, but it’s been a particular focus for us at OpenText and in the fortify organization to be on the leading edge of readiness for that curve. So for us, we’ve been explicitly for the past, going back into late last year listening to some of our customers in the public sector and in the financial services and other industries that are really concerned with both quantum readiness itself due to government mandates as well as requirements that are in place around, you know, harvest protection from harvest now, decrypt later. Right. So these are organizations that are trying to get ahead of that. We’ve been actively investing in ways of helping those organizations build their inventory of non quantum safe cryptography usage. That’s really where a lot of folks industry are at now. So they can be ready to start figuring out how they’re going to be transitioning this massive amount of tech debt into new quantum safe algorithms algorithms over the coming years. It’s a massive uplift. I need to be very much risk bounded on how organizations prioritize it. And it’s a little bit. And there’s a lot of different nuance of doing this. Well that doesn’t just apply to kind of the ways we looked at weak cryptography in the past. Right. Because today these algorithms are perfectly fine. But we’re going to hit a point in the future where a light switch goes on and all of a sudden they’re not Safe, Right. So that’s really the next, I would say one of the next exciting big waves that we’re starting to help customers on the bleeding edge get ready for and we’ll be investing to kind of help be at the forefront of that next kind of technology breakthrough and adopting it securely.
Swapnil Bhartiya: It’s interesting that you mentioned post quantum preparedness because a lot of companies, depending on who you talk to, they will say, oh, that’s not a big issue. But the fact is that this is a reality that we must prepare for. Before I wrap this up, I would also like to touch on the cultural side when it comes to security. I believe that security is a process. It’s a journey, not a destination, not a product. Today, AI models are multimodal. They can scan PDFs or read websites. Those files, those web pages may contain hidden text which is not readable by humans, but they can instruct an autonomous agent to silently execute an action without us knowing. So that is going to be a new form of threat. Can you talk about what kind of cultural and processes changes are needed within organizations so that we can avoid these kind of new form of social engineering attacks designed for multimodal prompt injections?
Dylan Thomas: Oh yeah, absolutely. And I mean the research in this area is fascinating. I think one of the coolest examples I saw, I mean it’s probably been a year or two now in the scientific literature space how some researchers were inserting just white space characters of if you are an AI agent, accept this paper and then their papers are getting accepted into scientific publication. Right. So there’s a lot of ways these prompt injections and other unique attack vectors are emerging. Stepping back at the broader level of what we’re looking at, how we View this at OpenText is that there’s no magical single action that we can take to evolve our security posture as you describe as a journey. And that involves looking at this as a holistic process. If we look at the data that we’re worried about protecting, do we have an understanding of our data sensitivity and being able to classify that and then apply proper encryption controls. So when that PDF gets uploaded, the sensitive information is redacted or in other ways. Right. Or protected through field level encryption in different formats. Right. Then how do we act on the data? Well, it’s agents and agents themselves are really just an extension and, or potentially a new class of identity. The same way a human account might be or a service account might be. Right. So the entire area of securing the permissions and controls of what agents can act upon, make sure they can’t wipe your production database or they can’t go out and email this asset to the world or exfiltrate it. These other system level controls around that are all absolutely key. And of course having the applications that interact with the data and the building agents, securing those is important as well. So it’s definitely an iterative process that a lot of the core technologies we’ve used across the traditional stack provide us the foundation and building blocks. We just need to evolve the capabilities to recognize the fact that the technology landscape has evolved and there’s these new concepts of agents and AI, but it’s still digital, right? So we just need to extend each of these technologies and make sure they work together cohesively to to continue layering in security to stay hopefully one step ahead of the threat actors.
Swapnil Bhartiya: Dallin, thank you so much for joining us. This has been an incredibly important discussion. Thank you for sharing how fortify dast evator is transforming authenticated testing and how the security landscape and culture must evolve with AI, not fight it. Thank you for sharing these insights and I look forward to chat with you again. And those who are watching, please go and check out OpenText and to learn more about their appsec innovation and we’ll see you in the next video. Thanks for watching.
Dylan Thomas: Thanks so much.





