Waiting for a single annual pentest to secure your application is like locking your front door only once a year and hoping for the best. In an era where 133 new vulnerabilities are reported every single day, relying on periodic snapshots leaves your organization exposed to evolving threats for months at a time. This approach is no longer just […]
Beyond the Build: Integrating Security into CI/CD Pipelines
In today’s fast-paced software development landscape, Continuous Integration and Continuous Deployment (CI/CD) pipelines are essential for delivering applications efficiently. However, the speed and automation they offer can inadvertently introduce security vulnerabilities if not properly managed. Integrating security into CI/CD pipelines, often referred to as DevSecOps, is no longer optional; it’s a necessity. The Importance of […]
The Messy Reality of Vibe Coding
The default reaction to vibe coding has been alarm — a default assumption that letting AI write large chunks of an application is going to flood production with vulnerabilities and undocumented behavior. That fear is doing as much damage as the bad code people are afraid of. Teams that freeze, ban the tools or push […]
The Great Decoupling: Scaling the Outer Loop for the Agentic Era
The “Inner Loop” of software development—the iterative cycle of writing, building, and debugging code—has just broken the sound barrier. With the emergence of agentic coding tools like Claude Code and GitHub Copilot Workspace, the developer experience has undergone a fundamental shift. Developers are no longer merely tab-completing snippets; they are orchestrating agents that generate entire […]
The Trust Problem With AI Agents in Production Pipelines
AI agents boost DevOps pipelines, but confident failures create risk. Here’s how to design for calibrated trust and human oversight.
Agentic AI for Defense: How Checkmarx Turns Security into a Coding Partner
“AI-powered” has become the default label for every security tool on the market. But there’s a meaningful difference between a tool that uses AI to generate alerts after the fact and one that actively participates in development, preventing vulnerabilities as code is written. That difference is what separates reactive AI from agentic AI. And it […]
The Open Source Trap: Why Trust Isn’t a Security Strategy
The XZ Utils backdoor was a wake-up call, but the underlying problem it exposed has not gone away. Sophisticated adversaries are playing the long game, spending months or years earning trust within open source projects before introducing malicious code into libraries that sit at the foundation of modern software infrastructure. Mike Vizard and Josh Bressers, […]
SmartBear Extends Scope of API Lifecycle Management Ambitions
SmartBear upgrades its API platform with a revamped Swagger Catalog and AI-driven drift detection to secure the modern API lifecycle against rogue, zombie, and misconfigured endpoints.
Appknox Adds AI Tool to Detect and Fix Vulnerabilities in Mobile Applications
Appknox today added an ability to apply artificial intelligence (AI) to assess vulnerabilities in the binaries used to construct a mobile application and recommend a fix that can be passed on to an AI coding tool to implement. Company CEO Harshit Agarwal said KnoxIQ provides an AI copilot to more accurately assess how exploitable a […]
Is Your AI Agent Secure? The DevOps Case for Adversarial QA Testing
Adversarial QA testing helps validate AI agents under real-world conditions, exposing risks like prompt injection and logic failures.