130 results for Janet Worthington in All

blog

Not A Vendor, Still A Breach: Vercel’s Third-Party Risk Failure
Some security incidents are complex. The Vercel incident is more troubling because it was predictable. The attackers did not exploit a procurement gap. They exploited a definition gap. Here’s what happened. A Vercel employee signed up for Context.ai’s AI Office Suite using a corporate Google account and clicked something effectively equivalent to “Allow All,” granting […]

blog

Game Over For Trust: A Roblox Cheat Gives Attackers The Advantage
A cascading supply chain attack did not start with a zero-day exploit, an unpatched vulnerability, or a brute-force attack. It started with a bored employee wanting to get ahead in an online game. A Context.ai employee downloaded a Roblox game cheat, an unofficial script for an online game that came bundled with Lumma Stealer malware […]

blog

Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]

blog

RSAC Innovation Sandbox 2026: Two Sides Of AI On Display
AI already runs inside most enterprises. Forrester’s Q4 2025 AI Pulse Survey shows that 50% of organizations are piloting agentic AI, while 24% have it in production. Security teams are catching up after the fact. The RSAC Innovation Sandbox (ISB) finalists — Charm Security, Clearly AI, Crash Override, Fig Security, Geordie AI, Glide Identity, Humanix, […]

blog

Agentic Development Security: Why AppSec Needs A New Operating Model
Application security testing (AST) has reached an inflection point. The market is crowded, capabilities overlap, and detection alone is no longer a source of durable differentiation. DevOps platforms embed security features. Cloud-native application protection platform vendors continue to push left. Application security posture management specialists offer open-source scanning technologies. And AI frontier labs such as […]

blog

RSAC 2026: An AI Coming-Of-Age Story Without The Romance
RSAC Conference 2026 has come and gone. Gone, too, are the petting zoos of yesteryear, replaced this year by — of all things — pop-up tattoo parlors. Or as one attendee observed, “We’ve traded livestock for live needles.” This year’s attendance of over 43,500 was flat compared to 2025, but the sessions and exhibit floor […]

blog

App Security Is Evolving Fast: Here’s What Security Leaders Should Know
The application and product security landscape is evolving as threat actors demonstrate greater sophistication, placing increased demands on security programs.

blog

No, You Can’t Just Vibe Code Commerce — Yet
“What coding?” Vibe coding is the cute term for using genAI systems to create, debug, or update programming code. People can use it without knowing how to write a line of code themselves. What this means: Lots of people are generating code they don’t understand. It’s not just developers using these tools to code faster; for example, it’s schoolteachers writing their […]

ON-DEMAND WEBINAR

AEGIS Technology Ecosystem And Agentic AI Security Framework
Agentic AI expands your attack surface from apps and users to autonomous actors who plan, decide, and act across tools, data, and systems. Forrester’s Agentic AI Guardrails For Information Security (AEGIS) framework helps security leaders apply guardrails across six domains: governance, risk, and compliance; identity and access management; data security and privacy; application security; threat management; and Zero Trust architecture principles. In this webinar, we translate AEGIS from framework to technology reality. We walk through the technology control points and categories that security teams can deploy to enforce least agency, reduce
Key takeaways:
Reframe AI security from protecting apps and users to governing autonomous agents using AEGIS-aligned guardrails.
Identify the critical technology control points, including AI runtime security, LLM gateways and firewalls, red teaming, model context protocol (MCP) security, and AI supply chain controls.
Map AI security technology categories to the six AEGIS domains to clarify ownership, reduce overlap, and prioritize spend.
Apply a phased, actionable roadmap that translates AEGIS from framework to deployable controls delivering continuous assurance.
Target audience level: all levels
Jeff Pollard, Jess Burn, Sandy Carielli, Heidi Shey, Paddy Harrington, Janet Worthington, Cody Scott, Andras Cser

Trend Report

The Top 10 Application Security Trends For 2026
On top of an already challenging discipline, AI accelerates insecure code creation, multiplies attack surfaces, and introduces new risks that application security must address. But fragmented tooling, limited visibility of dependencies, and emerging compliance requirements make it even more difficult to manage. This report identifies the 10 most critical application security trends in 2026. Security and development professionals should use this report to modify their application security strategy and practices to successfully respond.
Janet Worthington, Sandy Carielli
