Security vulnerabilities often stem from misusing operating system or third-party APIs. The traditional solution—wrapping dangerous functions with secure-by-default frameworks—works beautifully in theory but fails at scale. How do you migrate thousands of call sites across multiple applications when each requires understanding developer intent and choosing appropriate security controls?
For over a decade, Meta's security team built approximately 15 secure-by-default frameworks for Android, each designed to prevent specific vulnerability classes. These frameworks were elegant, well-designed, and... underutilized. The deployment bottleneck wasn't technical merit; it was practical scalability. Manual migration was impossibly slow. Deterministic static analysis required massive engineering investment and still struggled with precision. Simple pattern matching was fast but dangerously error-prone.
This talk reveals how we solved this problem using generative AI, specifically Llama models, to automatically suggest and apply security framework migrations across Meta's codebase. The solution isn't just faster—it unlocks scalability that was previously impossible.
Tanu Jain, Security Engineer, Meta
Tanu Jain is a Security Engineer at Meta with more than sixteen years of experience in software engineering and cybersecurity.