Internship : Security in AI-Driven Software Development

Description
As industry moves toward more sophisticated AI development practices to accelerate the software development lifecycle, a new set of security challenges takes shape. When specialized agents autonomously handle design, architecture, and implementation decisions, they may introduce vulnerabilities, like subtle flaws in logic, overlooked threat surfaces, or security anti-patterns propagated at scale across the codebase. At the same time, the question of how to effectively integrate security practices into an agent-driven lifecycle remains open.

Objectives
This internship explores both dimensions: mapping the threats that emerge when agents contribute to building software and identifying how security can be addressed meaningfully within this new paradigm. It will be applied on the ELCAi method, an ELCA approach to agentic software development.

The following activities are foreseen:
•    Literature review & context analysis: Survey existing research on secure software development lifecycles and AI-assisted development to establish what is known and where the gaps lie.
•    Threat modeling: Identify and classify threats specific to agent-driven development: vulnerable code generation, flawed architectural decisions, prompt manipulation, and cascading flaws across agent handoffs.
•    Security integration mapping: Analyze how traditional security practices can be adapted to remain effective when agents are involved, and identify where human oversight remains critical.
•    Experimentation & validation: Test identified threats and validate proposed mitigations through concrete scenarios, producing proof-of-concept implementations in a controlled environment.
•    Final presentation & knowledge transfer: Deliver a report and internal presentation consolidating findings, threat taxonomy, and actionable recommendations.

Our offer
•    A dynamic work and collaborative environment with a highly motivated multi-cultural and international sites team
•    The chance to work on one of the most strategic and fast-moving topics in the industry today.
•    Monthly After-Works organized per location
•    Good work-life balance (2 days per week from home)

Skills required
•    Strong cybersecurity knowledge (authentication, access control and authorization, threat modelling, security by design, etc.)
•    General understanding of how AI systems work, ideally with some exposure to large language models and agent-based architectures 
•    Some proficiency in writing and reading code, especially with respect to security practices