AppSec stories

Appdome unveils mobile API defence that checks app, device and session identity before granting access, targeting bot abuse and takeover attacks.

Capsule Security emerges from stealth with $7 million backing to police AI agents at runtime as enterprises widen their use.

Thoughtworks warns AI-assisted coding is swelling software complexity, as developers lean on older controls to curb security and oversight risks.

Cloudflare and Wiz team up to map shadow AI risks across cloud estates and protect sensitive data as firms race to secure chatbot deployments.

OpenAI broadens Trusted Access for Cyber to verified defenders, giving vetted users GPT-5.4-Cyber for tougher security work and code analysis.

Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.

Forrester warns Anthropic's Project Glasswing could overwhelm vulnerability management, as AI uncovers flaws faster than patching teams can respond.

Cloudsmith survey finds most engineering teams still lack automated SBOM checks, leaving many unready for fast EU Cyber Resilience Act audits.

Permiso launches SandyClaw sandbox to detonate AI agent skills and expose hidden runtime risks before they reach enterprise systems.

F5 and Forcepoint have teamed up to link data discovery with runtime controls, aiming to curb AI risks as enterprises move systems into production.

F5 and Forcepoint team up to give enterprises continuous AI security, linking data discovery with runtime controls to reduce risk in production systems.

Miggo extends its runtime security platform to map, monitor and rein in AI agents and MCP toolchains as live behaviour becomes attack focus.

NetRise unveils Provenance, a tool to trace open source maintainers and stop risky dependencies before they spread through software.

Novee unveils an autonomous AI red teaming tool to probe LLM apps for prompt injection, jailbreaks and other emerging security flaws.

Sonatype says smaller AI tied to live software data can outsecure larger models on dependency upgrades, slashing risk and cost.

NSS Labs warns many enterprise AI guardrails fail basic security tests, urging independent, real-world validation of protections.

Cloudsmith adds automated controls to quarantine and block risky dependencies, tightening enforcement on software supply chain security.

Red Hat reports 97% of organisations suffered cloud-native security incidents last year, exposing basic failings in configuration and governance.

Veracode unveils an AI-driven tool that automatically fixes open-source vulnerabilities, tackling mounting security debt in software supply chains.

UiPath is pushing AI deeper into software testing, promising autonomous agents that transform quality assurance and developers' roles.