New AI security tool lays out key exposures
Risk Rubric gives assessments for LLM transparency, security and more. But it's only one tool in your AI security toolbox.
AppSec & Supply Chain Security
New AI security tool lays out key exposures
Gartner's CTEM advances vulnerability management
The Continuous Threat Exposure Management model represents an evolution from CVSS. Here’s what you need to know.
Why core security controls for vibe coding are critical
Vibe coding is not going away — and the threat is real. But are developer tools like VibeSec that shift controls left up to the job?
AI is ramping up coding velocity — and risk
AI is producing code up to four times faster — but with 10 times more AppSec lapses. Here’s what you need to know.
Will npm's new security steps stop attacks?
While 2FA and trusted publishing help, you need visibility into how packages behave — not just who is publishing.
How to secure AI in container workloads
AI container workloads are growing — but security is not native. That makes additional controls essential.
MCP credential weakness raises red flags
More than half of Model Context Protocol servers were found to rely on static, long-lived credentials. With AI agents on the rise, that’s a problem.
Why modern AppSec is key to ASPM
Application security posture management is only as good as the technology it depends on. Here’s why modern software supply chain security tooling is key.
5 vibe coding security lessons
Vibe-coded apps that make it to production can be a minefield for security teams. Here are key takeaways for your AppSec team.
Why 'security as by-product’ can't replace controls
Built-in security can play a role — and fits with the Secure by Design concept — but robust security controls remain essential.
ASM and the attack surface: 10 key risk factors
Attack surface management (ASM) isn’t just another buzzword. It represents a fundamental shift in security strategy with risk on the rise.
The Postmark MCP server attack: 5 key takeaways
A malicious Model Context Protocol package was found in the wild last week. Here are lessons from the compromise of the AI interface tool.
FAQ: The Shai-hulud npm worm attack explained
Here's what you need to know about the discovery of the first self-replicating npm worm, which compromised packages with cloud token-stealing malware.
CVE-Genie raises stakes in the vulnerability race
While security defenders welcomed the new vulnerability-validation tool, others stress it can be just as useful for would-be attackers.
Deadlines vs. secure code: How AppSec can cope
AI coding and other modern development practices mean flawed code will continue to ship. Here are key recommendations for managing software risk.