Over the past two years, code assistants based on generative AI have transformed software coding, accelerating the generation of code on an unprecedented level. Developers are deploying more code than ever, but at a cost: exponential growth in security vulnerabilities. New research points to a 3X increase in repositories containing Personally Identifiable Information (PII) and payment data, a 10X increase in APIs without authorization and input validation, and more sensitive API endpoints exposed, all threats proliferated by AI-generated code. Though AI code assistants boost productivity, they possess no understanding of organizational risk, compliance policies, or security best practices, leaving companies more exposed ...
DevSecOps
CISA's Product Security Bad Practices paper is one that every company should review as it details the "exceptionally risky software development activities" that are all too common in the industry ... While CISA's efforts can help companies navigate the "need for speed" in a fast-moving DevOps environment, IT and security leaders across the private sector must do their part to prepare their companies for the necessary changes ...
As AI reshapes industries, it has also erased the lines between truth and deception in the digital world. The AI Security Report 2025 from Check Point® Software Technologies Ltd. uncovers four core areas where this erosion of trust is most visible ...
Almost half (49%) of CISOs say buyers now factor application security (AppSec) into purchasing decisions, according to A CISO's Guide to Steering AppSec in the Age of DevSecOps, a report from Checkmarx. In fact, in nearly half of software-based product companies, security oversight has moved outside the CISO's office entirely. As application complexity and scale grow — driven by AI, microservices and hybrid application architectures — engineering teams are increasingly accountable for ensuring secure, scalable delivery ...
Developers are leveraging AI to accelerate the software development lifecycle, enabling them to automate repetitive coding tasks and generate substantial amounts of code in a fraction of the usual time. However, despite the numerous production advantages that AI has brought to organizations, it has simultaneously made it easier for less skilled hackers to infiltrate company systems with AI malicious code ...
You might not hear about Artifactory tokens in mainstream security discussions, but here's a troubling reality: these tokens are corporate security's hidden Achilles' heel. Unlike many leaked credentials that turn out to be harmless personal access tokens or defunct keys, Artifactory tokens almost always lead directly to critical corporate assets ...
Security tools left running with weak configurations are a daily occurrence, as common as your morning brew. Breaches don't always start with flashy zero-days or clever phishing campaigns. They often begin with tools you trust; weak access controls, outdated configurations, and carelessness in setup make them prime targets for malicious actors ...
Proof is in the data from Akamai's new research State of Apps and API Security 2025: How AI Is Shifting the Digital Terrain. Overall, we see traditional web attacks targeting web applications and APIs continue to rise, as shown by a 65% increase between Q1 2023 and Q4 2024. This shows that the capabilities that are being developed are under increasing levels of attack ...
As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse-engineer, analyze, and exploit applications at an alarming scale ...
Only a fraction of critical vulnerabilities are truly worth prioritizing, according to the State of DevSecOps 2025 from Datadog ... The report found that security engineers are wasting a lot of time on vulnerabilities that aren't necessarily all that severe ...
Imagine spending countless hours crafting a unique algorithm, only to have it stolen and used by someone else. Attackers use various strategies to pilfer source code, from social engineering tactics to malware; thankfully, these malicious tactics have viable and effective defense best practices ...
Enterprises across the world are under attack, and it's getting harder for them to defend themselves ... The regulatory pressures facing companies have made a difference. Recent data from Veracode's 2025 State of Software Security (SoSS) report shows that the percentage of applications passing the Open Worldwide Application Security Project (OWASP) Top 10 tests has increased by 63% over the past five years — a significant improvement. More notably, the prevalence of high-severity flaws has been cut in half over the past decade ...
Software engineers are currently caught between a rock and a hard place. The rock? They're under record pressure to produce and release new software. The hard place? They're increasingly expected to account for the safety, security and provenance of every single software asset they use in those builds. That's demonstrated in the rise of the Software Bill of Materials (SBOM). These two clashing requirements are a source of great anxiety for software engineers ...
The financial sector is a prime target for cyber attacks due to its extensive digital presence and sensitive customer data. With the rise of online banking, mobile payments, and fintech innovations, cyber threats continue to evolve, exploiting vulnerabilities in financial applications. To protect transactions, customer data, and business operations, strong security measures are essential. Web Application Firewalls (WAFs) and API security solutions have become critical for ensuring application integrity and regulatory compliance ...
Organizations are failing to protect their APIs despite persistent breaches and increased awareness of security risks, according to 2025 Global State of API Security from Traceable AI ...