The race to secure AI coding: 4 steps to rein agents in
Coding agents are privileged insiders — with keys to CI/CD pipelines even as they give rise to ‘slopsquatting.’ Here’s how to govern them.
AppSec & Supply Chain Security
The race to secure AI coding: 4 steps to rein agents in
Update to npm blocks install scripts: What it means for AppSec
Disabling scripts by default closes the vector worms like Shai-Hulud rely on. Here's what the update fixes — and what it doesn't.
MCP security tracks API's playbook — we know how that ends
The standard connecting AI agents to tools and data leaves security to others. Make it a do-over.
Dependency remediation bolstered with CVE Lite CLI
OWASP's new dependency scanner gives developers actionable fixes. But supply chain attacks aren’t yet CVEs.
Get ahead of frontier AI: 5 AppSec strategy upgrades
Frontier AI is collapsing the time from vulnerability discovery to exploit. Here are 5 ways to update your AppSec before it hits.
CVE noise drowns out supply chain threats
48,000 CVEs were reported in 2025 — but just 58 were critical. A new report highlights why signal-to-noise ratio matters for AppSec.
5 lessons from vulnerability management's front lines
VM success is determined by findings reaching developers with context — which is getting more challenging. Here's why to shift gears.
Dependency attack takes down ed-tech platform at scale
The Canvas LMS supply chain compromise — which hit during finals week — shows the impact of cascading attacks.
GitHub breach: The development ecosystem is in the hot seat
This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.
AI agents are the new insider threat
AI security leader and author Steve Wilson explains why you need to rethink security — and treat AI agents as digital workers.
Shai-Hulud code drop: It’s open season for attacks
The npm malware's public release provides a ready-made blueprint for threat actors. Take action on supply chain security.
Think AI agents are risky? Your underlying stack is too
To manage agentic AI risk, organizations need to focus more on the infrastructure they run on.
Mini Shai-Hulud tears at OSS trust
This latest compromises of popular and infrastructure-level npm packages are rocking the foundations open source.
Selective NVD enrichment: Why it matters
AI vulnerability reporting is overwhelming teams — and NIST. But for AppSec, scaling back analysis is cause for alarm.
How Mythos changes the AppSec calculus
Here are the facts on Claude Mythos — and why a layered application security framework is essential.