Anthropic’s Claude Mythos Preview and Mozilla’s record patch batch suggest AI bug-finding could finally tip software security toward defenders. But penetrate-and-patch is the wrong end state. AI’s lasting contribution to security will come from making whole classes of vulnerability impossible to express in the first place.

This course explores the foundations of software security, covering important software vulnerabilities and attacks that exploit them, such as buffer overflows, SQL injection, and session hijacking. The course also considers defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. We take a ‘build security in’ mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems.