AI-Driven Code Surge Is Forcing a Rethink of AppSec
In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
In a conversation with Dark Reading’s Terry Sweeney, Black Duck CEO Jason Schmitt explains how AI is reshaping application security and why it must evolve to keep pace.
Foundation Capital's Sid Trivedi on the Three Markets AI Labs Can't Easily EnterAI labs are moving into application security, but three structural barriers define where they won't go, and that's where the next generation of durable security companies will be built, said Sid Trivedi, partner at Foundation Capital.
Costanoa Ventures' John Cowgill on Moving From Static Analysis to Runtime DefenseArtificial intelligence-generated code is arriving faster than security teams can review it, and the risks are moving from the line level to the system level, says John Cowgill, partner at Costanoa Ventures.
How Claude's New AI Code Scanning Tool Will Challenge Application Security LeadersAnthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.
How Claude's New AI Code Scanning Tool Will Challenge Application Security LeadersAnthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.
In 2025, these startups have reimagined browser security, pioneered application security for AI-generated code, and are building consensus on agentic vs. human costs.
Tromzo Acquisition Adds AI Team and Technology for Automated Security RemediationCheckmarx acquired AI security startup Tromzo to jumpstart its roadmap for agentic application security. The deal gives Checkmarx a ready-built platform and team focused on enterprise-grade triage and remediation agents designed to streamline vulnerability management.
Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are still prominent.…
Joint Platform to Offer Human-Led, Automated Application Security in One PlaceBugcrowd acquired Mayhem Security to integrate automated application testing with human-led testing capabilities. The company plans to embed Pittsburgh-based Mayhem's reinforcement learning tech and AI models into its broader platform to speed up vulnerability detection.
Calypso’s Red-Teaming and Agentic Threat Tools Boost F5’s Application Security EdgeF5’s latest acquisition brings Dublin, Ireland-based CalypsoAI’s unique AI security stack into its platform to secure application traffic against LLM misuse, data leakage and shadow AI, enhancing protection for hybrid and multi-cloud environments and helping secure apps and APIs.
AI agent system said to have found more than 100 zero-day flaws in production apps AI models get slammed for producing sloppy bug reports and burdening open source maintainers with hallucinated issues, but they also have the potential to transform application security through automation.…
AI-assisted security reviews from Anthropic and others could help level up enterprise application security in the era of vibe coding.
GenAI Chooses Insecure Code Nearly Half the Time, Veracode FindsThere's been little improvement in how well AI models handle core security decisions, says a report from application security company Veracode. Large language models introduce vulnerabilities in nearly half of test cases when asked to complete secure code tasks, it found.
Funding Will Fuel R&D Push Into Automated Remediation and Risk Prioritization ToolsWith code increasingly generated by AI and attackers using AI for exploits, OX Security raised $60 million to scale R&D and help developers prioritize critical vulnerabilities. The company aims to close detection gaps and reduce time-to-remediation in application security.
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution
The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents an emerging
Checkmarx's Sandeep Johri Details Malicious Code, AI Risks in Application SecurityAs software complexities grow, supply chain security is now essential to application security, according to Sandeep Johri, Checkmarx CEO. Johri discusses the challenges of malicious code, adversarial AI and the market's call for consolidated security platforms.
Application security teams from Fortune 500 companies are already using Noma's life cycle platform, which offers organizations data and AI supply chain security, AI security posture management, and AI threat detection and response.
With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year.
Panel Discusses Trends in Ransomware, Application Security and Generative AIInformation Security Media Group editors are live at InfoSecurity Europe Conference 2024 in London with an overview of opening-day activities and hot topics including the latest ransomware trends, software security, election security and artificial intelligence risks.