Built-in security can play a role — and fits with the Secure by Design concept — but robust security controls remain essential to managing risk.

Vibe-coded apps that make it to production can be a minefield for security teams. Here are key takeaways for your AppSec team.

More than half of MCP servers were found to rely on static, long-lived credentials. With AI agents on the rise, that’s a problem.

A recent npm supply chain attack compromised 18 popular packages. This post explains how Cloudflare’s graph-based machine learning model, which analyzes 3.5 billion scripts daily, was built to detect and block exactly this kind of threat automatically.

While 2FA and trusted publishing will help, you need tools that give visibility into how packages behave — not just who is publishing.

Google and others are inundating development teams with AI-powered reporting. Are AI-enabled fixes the answer? 

The Open Worldwide Application Security Project’s widely used AppSec priority list is expanding to cover systemic risk to software security.

Here's why gaining visibility into supply chain threats — and adding controls for software risk — are essential to insurability.

Open-source platforms and developer tooling are targeted as AI coding ramps up risk. Here’s why it’s time to go beyond implicit trust. 

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.