AppSec stories
The findings suggest AI-assisted bug hunting is edging closer to practical exploitation, raising the stakes for software teams racing to patch flaws.
Enterprises are testing only about 32% of their attack surface, leaving many assets outside regular security checks as threats grow faster.
Security teams may cut backlogs as validated HackerOne flaws are mapped into Wiz, linking exploit evidence to cloud assets for faster prioritisation.
Security teams can now rank cloud flaws by exploitability and impact, as validated HackerOne reports feed directly into Wiz's risk graph.
Security teams under pressure to prove real exploitability can now test live production systems for attack paths rather than theoretical flaws.
Security teams face new risks from AI coding tools as Cycode adds controls for prompts, generated code and unauthorised model use.
Security teams face a broader threat as criminals and state-backed actors use generative AI to speed hacks, phishing and malware.
MSPs will gain a single platform for cloud threat detection as the deal widens WatchGuard's reach into identity and SaaS security.
Organisations using AI in software development will get training on secure coding and governance as vulnerabilities and data risks mount.
The move aims to widen security coverage as firms struggle to test expanding attack surfaces quickly enough.
It aims to cut wasted search time for coding agents after tests found most of their work was reading files rather than editing code.
A flaw in a widely watched Microsoft repository could have let attackers run code and steal secrets through GitHub Actions, Tenable said.
Detection of malicious code can collapse when AI reviewers are fed large files packed with harmless text, Cloudflare's research shows.
Ransomware activity stayed elevated in March, with NCC Group saying Qilin alone was linked to 136 attacks and drove a 43% monthly rise.
Security teams can now validate scanner findings in minutes as Intruder rolls out AI agents to cut false positives and speed remediation.
It lets developers use AI coding tools without pasting sensitive credentials into prompts, reducing the risk of secrets leaking into logs or source control.
Security teams can now validate scanner alerts in minutes as Intruder’s new AI agents cut false positives and speed up triage.
It aims to cut alert fatigue by using runtime data to validate threats, prioritise real risks and guide fixes across cloud and AI systems.
Organisations using AI-assisted development can now get specialist secure coding training as KnowBe4 expands its library for technical teams.
It aims to cut the time security teams need to spot exploitable flaws and deploy temporary defences before attackers strike.
