
New OWASP tool structures AI threat modeling
Threat Advisor could help teams with AI-specific risks. But a broader AppSec strategy rethink is needed in the AI era.

Threat Advisor could help teams with AI-specific risks. But a broader AppSec strategy rethink is needed in the AI era.

The Institute for Security and Technology's 'Driving AI Transparency' policy paper makes the case for AI-BOM minimum requirements.

The Magic Quadrant™ for Software Supply Chain Security is a 45-minute read. Here's what we feel security leaders need to pull from it.

With a ‘vulnpocalypse’ expected, AppSec leaders are calling for the companies to invest in a Great Refactor Fund to secure open source.

Agentic AI is moving the perimeter from components to data — and most strategies aren't built for that.

Coding agents are privileged insiders — with keys to CI/CD pipelines even as they give rise to ‘slopsquatting.’ Here’s how to govern them.

Disabling scripts by default closes the vector worms like Shai-Hulud rely on. Here's what the update fixes — and what it doesn't.

The standard connecting AI agents to tools and data leaves security to others. Make it a do-over.

OWASP's new dependency scanner gives developers actionable fixes. But supply chain attacks aren’t yet CVEs.

Frontier AI is collapsing the time from vulnerability discovery to exploit. Here are 5 ways to update your AppSec before it hits.

48,000 CVEs were reported in 2025 — but just 58 were critical. A new report highlights why signal-to-noise ratio matters for AppSec.

VM success is determined by findings reaching developers with context — which is getting more challenging. Here's why to shift gears.

The Canvas LMS supply chain compromise — which hit during finals week — shows the impact of cascading attacks.

This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.

AI security leader and author Steve Wilson explains why you need to rethink security — and treat AI agents as digital workers.
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free Trial