Application Security
Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.
Insights
Blog
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]
Blog
Agentic Development Security: Why AppSec Needs A New Operating Model
Application security testing (AST) has reached an inflection point. The market is crowded, capabilities overlap, and detection alone is no longer a source of durable differentiation. DevOps platforms embed security features. Cloud-native application protection platform vendors continue to push left. Application security posture management specialists offer open-source scanning technologies. And AI frontier labs such as […]
Blog
App Security Is Evolving Fast: Here’s What Security Leaders Should Know
The application and product security landscape is evolving as threat actors demonstrate greater sophistication, placing increased demands on security programs. It’s not just the volume of attacks rising but the speed at which attackers are able to weaponize Common Vulnerabilities and Exposures, with the median time to exploit a vulnerability now under a day and […]
Blog
No, You Can’t Just Vibe Code Commerce — Yet
“What coding?” Vibe coding is the cute term for using genAI systems to create, debug, or update programming code. People can use it without knowing how to write a line of code themselves. What this means: Lots of people are generating code they don’t understand. It’s not just developers using these tools to code faster; for example, it’s schoolteachers writing their […]
Blog
Lessons Learned From 2025: Breaches Are Borderless And Regulators Are Watching
2025 was another year defined by massive data breaches and privacy fines, with over 10.6 billion records exposed and nearly $2.8 billion in penalties among the year’s most notable incidents. In our newest report, Lessons Learned From The World’s Biggest Data Breaches And Privacy Abuses, 2025, we analyzed the top 35 breaches and most notable […]
Blog
Regulators Are Moving On SBOMs — But Is Your Compliance Program Keeping Pace?
Software bill of materials (SBOM) requirements are advancing rapidly, and the time for “wait and see” is quickly running out. The global regulatory landscape for software supply chain security is shifting from recommendations to mandates, yet many organizations remain unprepared. What you do now will determine whether your company is ready or left behind as […]
Blog
What We’re Looking Forward To At The RSAC 2026 Conference
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]
Blog
Claude Code Security Causes A SaaS-pocalypse In Cybersecurity
We have seen this pattern before, even if the specifics look different. Think back to the day AWS introduced GuardDuty, when Microsoft folded Defender for Endpoint into its enterprise licensing commitments and launched Microsoft Sentinel, or when Google acquired Mandiant and eventually Wiz. Sure, the launch of fully autonomous AI agents that can ingest entire […]
Blog
Create A Cross-Functional Q-Day Team Or Suffer A Hard Day’s Night
Quantum security requirements will hit parts of the organization that you both did and did not expect, from the security team looking to upgrade its public key infrastructure (PKI) to the development team making sure that upcoming releases are quantum-safe to the infrastructure team looking at hardware refreshes and legacy internet-of-things (IoT) devices. To build out a […]
Blog
When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise
The detailed writeup from cybersecurity vendor Rapid7 about the Notepad++ compromise gives CISOs a clear demonstration of how a single failure in the distribution process for a widely used utility can become an enterprise-scale software supply chain event. Developers, analysts, automation engineers, researchers, IT operators, and security teams use this editor as part of their […]
Blog
Ready For OpenClaw To Pry Into Your Environment And Grip Your Data
A formidable challenge awaits security leaders as personal tools like Moltbot spread. AI butlers are the next shadow super-user.
Blog
Announcing The Static Application Security Testing Solutions Forrester Wave™ And Buyer’s Guide — AI Brings Opportunity To SAST Solutions
The new Forrester Wave™ and Buyer's Guide details how AI is changing the way static application security testing (SAST) solutions are used. Learn more in this preview of the report.
Blog
Anthropic Catches Attackers Using Agents In The Act
On November 13, AI vendor Anthropic published details about the disruption of what it characterized as an AI-led cyber espionage operation. Learn what is in Anthropic's report and get tips on how to protect against future AI-enabled attacks.
Blog
Secure Vibe Coding: I’ve Done It Myself, And It’s A Paradigm, Not A Paradox
“There’s a new kind of coding I call ‘vibe coding,’ where you fully give in to the vibes, embrace exponentials, and forget that the code even exists,” said Andrej Karpathy in a post on X (formerly Twitter) back in February.
Blog
Developer-Led Growth Meets Enterprise-Grade Security And Distributed Infrastructure At Cloudflare Connect 2025
Cloudflare Connect 2025 had a distinctly optimistic vibe as the vendor positions itself as the connective tissue for modern digital operations in the enterprise and showcases its AI security abilities. Learn more in this event review.
Blog
Global Cybersecurity Spending To Exceed $300B By 2029
Despite the ongoing macroeconomic uncertainty in 2025, cybersecurity spending will rise by 13.1% this year to $174.8 billion, driven by ongoing concerns around cyberattacks and the need to secure new cloud-based deployments. Find out more in our cybersecurity spending forecast.
Blog
Bot Management Graduates — Introducing The Bot And Agent Trust Management Market
Starting with our upcoming landscape report, we are changing the name of this category of software from bot management software to bot and agent trust management software. Find out why and get a full definition in this post.
Blog
How To Build AI Red Teams That Actually Work
AI red teaming blends offensive security tactics with safety evaluations for bias, toxicity, and reputational harm. It’s messy, fragmented, and, most of all, necessary. Get six tips to get started on an AI red team that actually works in this preview of our upcoming Security & Risk Summit.
Blog
JFrog SwampUp 2025: The Agentic Development Era Emerges From The Swamp
Learn how JFrog’s announcements at its recent SwampUp user conference differed from those of its competitors by having an emphasis on application trust, supply chain integrity, and agentic development releases.
Blog
Tencent Targets Overseas Markets With Its TCE Sovereign Cloud Offering
Find out more about Tencent’s sovereign cloud solution, Tencent Cloud Enterprise, which it is using to pursue overseas business expansion.