AppSec stories - Page 2

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

GitLab opens agentic AI to free-tier users, sets USD $0.25 flat fee for automated code reviews and expands security false-positive filtering.

Cobalt weaves AI into its pentesting platform, automating recon and triage while keeping human experts on complex attack paths.

NetSPI unveils an AI-powered overhaul of its pentesting platform UX, promising two-click workflows and sharper risk-based remediation focus.

Miggo and Grafana link runtime security to Grafana Cloud telemetry, promising major cuts to critical vulnerability noise for joint users.

Chainguard launches a free Catalog Starter pack, giving developers five production-grade secure container images from its vast library.

Lineaje launches UnifAI, a security and governance layer to centralise control, discovery and policy for enterprise agentic AI deployments.

HackerOne launches live Agentic Prompt Injection Testing to expose real-world AI exploit paths as prompt injection threats surge 540%.

JFrog launches an MCP registry to centralise and secure AI coding agents, extending software supply chain controls to agent workflows.

Secure Code Warrior launches SCW Trust Agent: AI, giving security teams commit-level visibility and control over AI-influenced code.

AI-fuelled coding drives record 29 million hardcoded secrets on GitHub in 2025, with leaks from AI tools and services surging sharply.

Harness has launched AI Security and Secure AI Coding tools to spot and block vulnerabilities in AI-powered apps and AI-generated code.

1Password unveils Unified Access to secure AI agents and machine credentials, promising endpoint-to-agent visibility for security teams.

Tenzai's autonomous AI agent has placed in the top 1% of major global hacking CTF contests, beating more than 125,000 human rivals.

Secure Code Warrior launches SCW Trust Agent: AI to trace, rate and police AI-generated code risks directly at developers' commit point.

Checkmarx overhauls its One platform with AI-native security agents to guard fast-moving, agentic development and AI software supply chains.

ActiveState launches Curated Catalog, a private, pre-vetted open source repository to tighten software supply chain security for enterprises.

Spoofed AI agents are hammering major websites with billions of hidden requests, driving up costs and outpacing current security defences.

Manifest unveils SBOM generator for unmanaged C and C++ code, tackling critical supply chain blind spots in embedded and safety systems.

Tenable appoints veteran cybersecurity sales leader Dino DiMarino as chief revenue officer to drive global growth in exposure and AI risk.