Application Security
Agile development’s cycle of deployments and patches generates ample opportunities for hackers looking for a way in. Application security must be strong, vigilant, and nimble. Read our insights.
Insights
Blog
Secure The Future Of Internet Traffic As Agents Take Over
AI agent traffic is reshaping how users interact with digital experiences. In The Forrester Wave™: Bot And Agent Trust Management Software, Q2 2026, we explore how this shift is transforming a market that has historically focused on detecting and mitigating bot attacks into one that must also enable trusted automated traffic at scale. Here are […]
Blog
Move Over, WAF: The Web Application Protection Platform Takes Over
For years, the web application firewall (WAF) has been a foundational control for protecting customer‑facing digital experiences. It started as a compliance-driven application security tool that filtered malicious traffic, blocked common exploits, and provided a last line of defense in front of web applications. But the way applications are built, deployed, and attacked has fundamentally […]
Blog
OpenAI’s Daybreak Promises To Improve AppSec But Introduces A New Pricing Model: Five Buyer-Side Implications For CISOs
OpenAI recently announced Daybreak, its vision for making agentic application security faster and more capable. While promising, Daybreak will also make security more expensive per unit of work. In this model, customers will pay for tokens and multiagent workflows burn tokens. CISOs and CIOs should budget for application security (AppSec) line-item inflation, not deflation, with […]
Blog
Not A Vendor, Still A Breach: Vercel’s Third-Party Risk Failure
Some security incidents are complex. The Vercel incident is more troubling because it was predictable. The attackers did not exploit a procurement gap. They exploited a definition gap. Here’s what happened. A Vercel employee signed up for Context.ai’s AI Office Suite using a corporate Google account and clicked something effectively equivalent to “Allow All,” granting […]
Blog
Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook
Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]
Blog
Agentic Development Security: Why AppSec Needs A New Operating Model
Application security testing (AST) has reached an inflection point. The market is crowded, capabilities overlap, and detection alone is no longer a source of durable differentiation. DevOps platforms embed security features. Cloud-native application protection platform vendors continue to push left. Application security posture management specialists offer open-source scanning technologies. And AI frontier labs such as […]
Blog
App Security Is Evolving Fast: Here’s What Security Leaders Should Know
The application and product security landscape is evolving as threat actors demonstrate greater sophistication, placing increased demands on security programs.
Blog
No, You Can’t Just Vibe Code Commerce — Yet
“What coding?” Vibe coding is the cute term for using genAI systems to create, debug, or update programming code. People can use it without knowing how to write a line of code themselves. What this means: Lots of people are generating code they don’t understand. It’s not just developers using these tools to code faster; for example, it’s schoolteachers writing their […]
Blog
Lessons Learned From 2025: Breaches Are Borderless And Regulators Are Watching
2025 was another year defined by massive data breaches and privacy fines, with over 10.6 billion records exposed and nearly $2.8 billion in penalties among the year’s most notable incidents. In our newest report, Lessons Learned From The World’s Biggest Data Breaches And Privacy Abuses, 2025, we analyzed the top 35 breaches and most notable […]
Blog
Regulators Are Moving On SBOMs — But Is Your Compliance Program Keeping Pace?
Software bill of materials (SBOM) requirements are advancing rapidly, and the time for “wait and see” is quickly running out. The global regulatory landscape for software supply chain security is shifting from recommendations to mandates, yet many organizations remain unprepared. What you do now will determine whether your company is ready or left behind as […]
Blog
What We’re Looking Forward To At The RSAC 2026 Conference
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]
Blog
Claude Code Security Causes A SaaS-pocalypse In Cybersecurity
We have seen this pattern before, even if the specifics look different. Think back to the day AWS introduced GuardDuty, when Microsoft folded Defender for Endpoint into its enterprise licensing commitments and launched Microsoft Sentinel, or when Google acquired Mandiant and eventually Wiz. Sure, the launch of fully autonomous AI agents that can ingest entire […]
Blog
Create A Cross-Functional Q-Day Team Or Suffer A Hard Day’s Night
Quantum security requirements will hit parts of the organization that you both did and did not expect, from the security team looking to upgrade its public key infrastructure (PKI) to the development team making sure that upcoming releases are quantum-safe to the infrastructure team looking at hardware refreshes and legacy internet-of-things (IoT) devices. To build out a […]
Blog
When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise
The detailed writeup from cybersecurity vendor Rapid7 about the Notepad++ compromise gives CISOs a clear demonstration of how a single failure in the distribution process for a widely used utility can become an enterprise-scale software supply chain event. Developers, analysts, automation engineers, researchers, IT operators, and security teams use this editor as part of their […]
Blog
Ready For OpenClaw To Pry Into Your Environment And Grip Your Data
A formidable challenge awaits security leaders as personal tools like Moltbot spread. AI butlers are the next shadow super-user.
Blog
Announcing The Static Application Security Testing Solutions Forrester Wave™ And Buyer’s Guide — AI Brings Opportunity To SAST Solutions
The new Forrester Wave™ and Buyer's Guide details how AI is changing the way static application security testing (SAST) solutions are used. Learn more in this preview of the report.
Blog
Anthropic Catches Attackers Using Agents In The Act
On November 13, AI vendor Anthropic published details about the disruption of what it characterized as an AI-led cyber espionage operation. Learn what is in Anthropic's report and get tips on how to protect against future AI-enabled attacks.
Blog
Secure Vibe Coding: I’ve Done It Myself, And It’s A Paradigm, Not A Paradox
“There’s a new kind of coding I call ‘vibe coding,’ where you fully give in to the vibes, embrace exponentials, and forget that the code even exists,” said Andrej Karpathy in a post on X (formerly Twitter) back in February.
Blog
Developer-Led Growth Meets Enterprise-Grade Security And Distributed Infrastructure At Cloudflare Connect 2025
Cloudflare Connect 2025 had a distinctly optimistic vibe as the vendor positions itself as the connective tissue for modern digital operations in the enterprise and showcases its AI security abilities. Learn more in this event review.
Blog
Global Cybersecurity Spending To Exceed $300B By 2029
Despite the ongoing macroeconomic uncertainty in 2025, cybersecurity spending will rise by 13.1% this year to $174.8 billion, driven by ongoing concerns around cyberattacks and the need to secure new cloud-based deployments. Find out more in our cybersecurity spending forecast.