Cybersecurity researchers from Bitdefender, a provider of an endpoint detection and response (EDR) platform, have discovered an extension to the Windsurf integrated development environment (IDE) that steals credentials and data after code is downloaded from the Solana blockchain platform. Silviu Stahie, a security analyst for Bitdefender, said the extension makes use of typosquatting tactics to […]
How AI is Shaping Modern DevOps and DevSecOps
AI is reshaping DevOps and DevSecOps by improving CI/CD workflows, DORA metrics and security without adding unnecessary complexity.
Sysdig Adds Runtime to Secure AI Coding Agents
Sysdig this week at the RSA Conference (RSAC) revealed it has created a runtime that makes it possible to securely deploy artificial intelligence (AI) coding tools. Jonas Rosland, director of the open source program for Sysdig, said the runtime makes it possible to monitor the activity of AI coding agents in real time, including potential […]
Cloudsmith Brings Threat Intelligence to Software Artifacts
Cloudsmith this week at the KubeCon + CloudNativeCon Europe conference revealed it has added an ability to enrich packages with threat intelligence that enables DevSecOps teams to better evaluate the risk attached to downloading a software component. Nigel Douglas, head of developer relations for Cloudsmith, said this extension to the managed service it provides for […]
Secure Code Warrior AI Agent Applies Policies to AI Generated Code
Secure Code Warrior (SCW) this week added an artificial intelligence (AI) agent that both identifies code generated by an AI coding tool and automatically applies the appropriate governance policies. Company CEO Pieter Danhieux said the SCW Trust Agent makes it possible for DevSecOps teams to use AI to verify which AI models influenced specific commits, […]
Checkmarx Adds Orchestration Framework to DevSecOps Platform
Checkmarx this week revamped its DevSecOps platform to include an orchestration framework for managing tasks assigned to artificial intelligence (AI) agents. Additionally, the company has added two additional artificial intelligence (AI) agents trained to triage vulnerabilities and remediate them using code it generates for review while at the same time adding an ability to discover […]
Arcjet Extends Runtime Policy Engine to Block Malicious Prompts
Arcjet today added an ability to detect and block risky prompts before they are shared with a large language model (LLM) embedded within an application. The Arcjet AI prompt injection protection capability is based on an LLM that the company has been specifically training to detect patterns indicative of risky prompts that can then be […]
Why AI-Generated Code Is Raising the Stakes for Secrets Management
Following a $50 million funding round, GitGuardian CEO Eric Fourrier discusses why secrets security is becoming a much bigger problem in the age of AI-generated code and autonomous agents. As more organizations rush to deploy coding assistants and AI agents, Fourrier argues that the number of exposed credentials, API keys and tokens is rising just […]
When AI Gets It Wrong: The Insecure Defaults Lurking in Your Code
The arrival of generative AI in the software development lifecycle (SDLC) is arguably the biggest shift in coding in decades. For development teams, tools like GitHub, Copilot, and other AI assistants act as a massive force multiplier, automating boilerplate, suggesting complex logic, and significantly accelerating time-to-commit. But as organizations rush to equip their teams, a […]
Malicious NPM Package Gets Downloaded 50K Times Before Discovery
A malicious package downloaded approximately 50,000 times from a node package manager (npm) is providing an object lesson for adopting more DevSecOps best practices. Security researchers from Tenable discovered a “ambar-src” package that was first published Feb. 13 and then updated again before being discovered. It is aimed at developers building JavaScript applications on Windows, […]
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- 6
- …
- 82
- Next Page »