OWASP tackles AI risk in bold new push
The Open Worldwide Application Security Project now includes an Agentic Top 10, an AI testing guide, and an AI vulnerability scoring tool.
AppSec & Supply Chain Security
OWASP tackles AI risk in bold new push
Security frameworks fail on supply chain risk
Researchers studied how well the top frameworks mitigate modern attack techniques. They found serious security gaps.
Why AI and cloud-native are security game-changers
Yesterday's security practices can't tackle today's risks, a new CSA guide notes — making updating tooling essential.
OWASP Top 10 tackles supply chain risk
The Open Worldwide Application Security Project’s widely used AppSec priority list is expanding to cover systemic risk.
CTEM advances vulnerability management
Gartner's Continuous Threat Exposure Management model represents an evolution from CVSS. Here’s what you need to know.
AI vulnerability reporting fails maintainers
Google and others are inundating developers with AI-driven reporting. Are AI-enabled fixes the answer?
New AI security tool lays out key exposures
Risk Rubric gives assessments for LLM transparency, security and more. But it's only one tool in your AI security toolbox.
Why core security controls for vibe coding are critical
Vibe coding is not going away — and the threat is real. But are developer tools like VibeSec that shift controls left up to the job?
AI is ramping up coding velocity — and risk
AI is producing code up to four times faster — but with 10 times more AppSec lapses. Here’s what you need to know.
Will npm's new security steps stop attacks?
While 2FA and trusted publishing help, you need visibility into how packages behave — not just who is publishing.
How to secure AI in container workloads
AI container workloads are growing — but security is not native. That makes additional controls essential.
MCP credential weakness raises red flags
More than half of Model Context Protocol servers were found to rely on static, long-lived credentials. With AI agents on the rise, that’s a problem.
Why modern AppSec is key to ASPM
Application security posture management is only as good as the technology it depends on. Here’s why modern software supply chain security tooling is key.
5 vibe coding security lessons
Vibe-coded apps that make it to production can be a minefield for security teams. Here are key takeaways for your AppSec team.
Why 'security as by-product’ can't replace controls
Built-in security can play a role — and fits with the Secure by Design concept — but robust security controls remain essential.