Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is On It
SSCS is a footnote that grew up, moved out, and got its own report.
Featured
Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is On It
Should frontier AI firms fund OSS ecosystem security?
With a ‘vulnpocalypse’ expected, AppSec leaders are calling for the companies to invest in a Great Refactor Fund to secure open source.
Can AI beat AI? 3 challenges with VulnOps adoption
SecOps leaders must tackle cost and risk to deliver autonomous vulnerability operations. But with frontier AI, it's critical.
Latest
Software Supply Chain Security Just Got Its Own Magic Quadrant — and RL Is On It
SSCS is a footnote that grew up, moved out, and got its own report.
Should frontier AI firms fund OSS ecosystem security?
With a ‘vulnpocalypse’ expected, AppSec leaders are calling for the companies to invest in a Great Refactor Fund to secure open source.
Can AI beat AI? 3 challenges with VulnOps adoption
SecOps leaders must tackle cost and risk to deliver autonomous vulnerability operations. But with frontier AI, it's critical.
Gartner® Named RL a Software Supply Chain Security Visionary. Here’s What We See Coming
The first Magic Quadrant™ for Software Supply Chain Security comes as, we feel, the demand for greater supply chain visibility explodes.
Agentic AI risk isn't a model problem. It's an architecture problem.
Agentic AI is moving the perimeter from components to data — and most strategies aren't built for that.
The race to secure AI coding: 4 steps to rein agents in
Coding agents are privileged insiders — with keys to CI/CD pipelines even as they give rise to ‘slopsquatting.’ Here’s how to govern them.
Update to npm blocks install scripts: What it means for AppSec
Disabling scripts by default closes the vector worms like Shai-Hulud rely on. Here's what the update fixes — and what it doesn't.
Device code phishing bypasses password stealing
The Microsoft 365 phishing campaign persuades victims to complete a real authentication process that authorizes an attacker-controlled device.
How to defend ARM64 cloud infrastructure from ITScape
RL has documented CVE-2026-46316, and developed two YARA rules to help detect exploits of the multi-tenant cloud vulnerability.
MCP security tracks API's playbook — we know how that ends
The standard connecting AI agents to tools and data leaves security to others. Make it a do-over.
Working with agentic AI: A SecOps survival guide
Agentic AI will disrupt how SOC teams are built — and the way CISOs hire. Here’s how to embrace AI.
Phishing attacks leverage TikTok, Instagram Reels
RL has discovered two social engineering attack techniques targeting users via short-form videos. Here’s how they work.
How 56 npm packages used binding.gyp to steal secrets
The attack is notable for its breadth, flooding npm with malicious package versions.
Dependency remediation bolstered with CVE Lite CLI
OWASP's new dependency scanner gives developers actionable fixes. But supply chain attacks aren’t yet CVEs.
Get ahead of frontier AI: 5 AppSec strategy upgrades
Frontier AI is collapsing the time from vulnerability discovery to exploit. Here are 5 ways to update your AppSec before it hits.