#319 Subho Halder: Why Traditional App Security Fails in the Age of AI - Eye On A.I. Recap

Podcast: Eye On A.I.

Published: 2026-02-01

Duration: 57 min

Summary

Subho Halder discusses the inadequacies of traditional app security in the fast-evolving landscape of AI-driven applications, emphasizing the need for a shift in security paradigms to protect sensitive user data.

What Happened

In this episode, Subho Halder, co-founder and CEO of Appknox, shares his insights on the evolving challenges of app security in the era of artificial intelligence. He reflects on a time when mobile applications were often considered successful if they simply functioned well. However, with the proliferation of sensitive data stored on smartphones, including credit card information and personal identifiers, the stakes have dramatically increased. Halder argues that the traditional approach to security, which largely treats applications as thin clients, is outdated and inadequate in today’s landscape.

As software development cycles have accelerated—from months to weeks and even days—Halder points out that security measures have not kept pace. The explosion of APIs and third-party SDKs means that mobile apps are now dynamic systems rather than static products. This shift requires a new perspective on security, focusing not just on whether code is vulnerable, but on whether the system behaves in ways that could compromise user data. Halder emphasizes that the challenge now lies in protecting applications that continuously learn and adapt, making it crucial for organizations to rethink their security models.

The discussion also highlights the risks posed by malicious actors who can create deceptive applications that mimic legitimate services. These rogue apps can easily gain access to sensitive user data through permission systems that are less transparent on mobile devices than on desktops. Halder’s work at Appknox aims to address these vulnerabilities by identifying and mitigating risks in AI applications, advocating for a more proactive approach to security that aligns with the realities of modern software development.

Key Questions Answered

What are the main security challenges in modern mobile applications?

Subho Halder explains that the main challenge lies in how applications are treated by security teams. Traditionally, mobile applications were seen as thin clients, with the belief that real risks were server-side. However, as Halder notes, today's apps carry sensitive data—credit card information, personal identifiers—all accessed and stored on mobile devices. This disconnect in understanding the actual risk landscape has led to security models that are ill-equipped for modern threats.

How has the development cycle of software impacted security?

Halder highlights that the acceleration of software development cycles—from months to weeks and even days—poses significant challenges for traditional security testing methods. Security measures that were once sufficient, such as manual testing conducted once or twice a year, can no longer keep pace with the rapid changes in application functionality and the increasing complexity of APIs and third-party integrations.

What role does AI play in the evolution of app security?

AI represents a fundamental shift in app security, as noted by Halder. Rather than viewing software as a static object to be secured, the focus is now on securing software as a living system. This change requires understanding user behavior and system outcomes rather than just identifying code vulnerabilities, which is a drastic change from traditional security paradigms.

What are the risks associated with malicious applications?

Halder discusses the significant risks posed by malicious actors who create deceptive apps that appear legitimate. These malicious applications can easily trick users into granting permissions that expose sensitive information. For example, a fake version of a popular app could be distributed for free, only to harvest user data without the users' knowledge, showcasing the need for heightened awareness and security measures.

How can organizations improve their app security strategies?

Halder encourages organizations to rethink their security models, moving away from outdated compliance-driven approaches. Instead, they should adopt more proactive, agile strategies that can adapt to the dynamic nature of modern applications. This includes implementing continuous security testing, focusing on system behavior, and utilizing tools that can identify vulnerabilities in real time as apps evolve.