Overview

AI coding assistants are transforming software development. Claude Code, Cursor, Copilot: these tools write code, execute commands, and interact with external systems autonomously. They make developers dramatically more productive. They also introduce security risks that traditional DevSecOps never anticipated.

Before The Commit is the first comprehensive guide to securing AI-assisted development. Authors Danny Gershman and Dustin Hilgaertner introduce ModSecOps (Model Security Operations), a practical framework for organizations that want AI's productivity benefits without accepting unmanaged risk.

THE THREATS ARE REAL

In September 2024, a Chinese state-sponsored group used an AI coding tool to autonomously attack thirty global targets across tech, finance, manufacturing, and government. It was the first documented large-scale cyber attack executed without substantial human intervention. But nation-state attacks are just the beginning. This book covers the full threat landscape:

- Context Poisoning: Malicious instructions hidden in configuration files that hijack AI behavior
- Prompt Injection: Attacks embedded in images, Unicode characters, and external data sources
- Data Exfiltration: Techniques that trick AI into leaking sensitive information
- Shadow AI: The visibility problem when employees use unapproved AI tools
- Supply Chain Attacks: Why AI trained on historical code introduces twice as many vulnerabilities
- Sleeper Agents: Can AI code perfectly 99.9% of the time, then strike?

DEFENSE IN DEPTH

The book provides actionable defenses for every threat:

- LLM Proxies: Centralized control points providing visibility, guardrails, and governance
- Multi-Agent Review: Using AI to review AI-generated code before humans see it
- Human-in-the-Loop Patterns: When to require approval and how to prevent approval fatigue
- Least Privilege: Sandboxing, network isolation, and permission management for AI systems
- Incident Response: Detection, containment, and recovery procedures for AI compromise

PRACTICAL IMPLEMENTATION

- Building ModSecOps teams and training programs
- Integrating security into every pipeline stage from dev environment to production
- Measuring success with metrics that matter
- Ready-to-use checklists, tool configurations, and threat model references

WHO THIS BOOK IS FOR

- Security engineers adding AI to their threat models
- Developers using AI coding assistants who want to understand the risks
- Engineering leaders building AI adoption strategies
- Compliance teams developing AI governance policies

ABOUT THE AUTHORS

Danny Gershman and Dustin Hilgaertner bring over four decades of combined experience across defense, government, fintech, and commercial environments. Their backgrounds include Zero Trust architecture, IL5/IL6 platforms, air-gapped deployments, red team operations, and high-availability systems scaled to hundreds of thousands of users. They co-host Before The Commit, a podcast exploring AI coding security that provided the foundation for this book. Their approach comes from real experience securing AI systems in production, not theoretical frameworks that don't survive contact with reality.

The AI revolution in software development is here. This book ensures you're prepared before the commit.

Full Product Details

Author: Dustin Hilgaertner, Danny Gershman
Publisher: Before the Commit LLC
Imprint: Before the Commit LLC
Dimensions: Width: 20.30cm, Height: 0.80cm, Length: 25.40cm
Weight: 0.308kg
ISBN: 9798218888718
Pages: 148
Publication Date: 16 December 2025
Audience: General/trade, General
Format: Paperback
Publisher's Status: Active
Availability: Available To Order
We have confirmation that this item is in stock with the supplier. It will be ordered in for you and dispatched immediately.
Countries Available: All regions