Here are the key takeaways CISOs and other security leaders should consider for their 2026 third-party cyber risk management (TPCRM) strategies.

Experts say legacy strategies and tooling can’t manage today’s commercial software threats. Here’s why binary analysis is necessary.

Here’s what you need to know about AI agents’ impact on software supply chain security — and what you can do to fight back. 

AI coding is the new reality — and it will further destabilize software supply chain security. So step up your AppSec.

AI-generated code is a game changer — requiring embedded, AI-driven application security. Here’s why you need to fight fire with fire.

The tool is a step forward for managing AI coding risk — but it trips on modern supply chain threats because it looks only at source code.

The OpenClaw saga is a case study on the AI threat, demonstrating how it increases supply chain risk.

OWASP has adopted a new container security analyzer to slow information overload from tools. Here’s what you need to know.

Package URLs give software components an exact address to improve vulnerability matching, which reduces alert fatigue and simplifies compliance.

AI agents create novel attack surfaces and control issues that require rethinking basic assumptions — and AppSec tooling.