AppSec & Supply Chain Security

April 29, 2026

MCP rug-pull attack worries mount

This new class of AI tool supply chain attack highlights how trust of agents can be exploited.

Read More about MCP rug-pull attack worries mount

MCP rug-pull attack worries mount

April 23, 2026

Can AppSec keep pace with AI coding?

AI lets software teams generate code at a rate faster than security can validate it. One way to win the race: more AI.

Read More about Can AppSec keep pace with AI coding?

Can AppSec keep pace with AI coding?

April 22, 2026

LLMmap puts its finger on ML attacks

Researchers show how LLM fingerprinting can be used to automate generation of customized attacks.

Read More about LLMmap puts its finger on ML attacks

LLMmap puts its finger on ML attacks

April 16, 2026

Vibeware: More than bad vibes for AppSec

Threat actors are leveraging the freewheeling vibe-coding trend to deliver malicious software at scale.

Read More about Vibeware: More than bad vibes for AppSec

Vibeware: More than bad vibes for AppSec

April 15, 2026

The CRA is coming: Are you ready?

Here's how the EU's Cyber Resilience Act will reshape the software industry — and how that accelerates advantages.

Read More about The CRA is coming: Are you ready?

The CRA is coming: Are you ready?

April 8, 2026

Claude Mythos: Get your AppSec game on

Anthropic's new AI is a 'step change' for exposing software flaws — but also ramps up exploits. Are you ready?

Read More about Claude Mythos: Get your AppSec game on

Claude Mythos: Get your AppSec game on

April 7, 2026

28 application security stats that matter

AI and open source are redefining the software threat landscape. Here are the key statistics you need to know.

Read More about 28 application security stats that matter

28 application security stats that matter

April 2, 2026

Axios: How AppSec teams should respond

Here's a mitigations checklist and best practices. Plus: How RL’s xBOM and Spectra Assure Community can help.

Read More about Axios: How AppSec teams should respond

Axios: How AppSec teams should respond

April 1, 2026

How JPMC tackles software ‘trust debt’

JPMorgan Chase CISO Patrick Opet discussed his letter on third-party software risk — and how that has played out.

Read More about How JPMC tackles software ‘trust debt’

How JPMC tackles software ‘trust debt’

March 31, 2026

GenAI Security Project ramps up guidance

With AI ramping up risk, OWASP stepped up its project to help AppSec teams get up to speed — and take action.

Read More about GenAI Security Project ramps up guidance

GenAI Security Project ramps up guidance

March 27, 2026

AppSec as attacker: Inside Trivy–LiteLLM

The perimeter isn't your firewall — it's your CI/CD pipeline. Here’s what to know about TeamPCP's supply chain attack.

Read More about AppSec as attacker: Inside Trivy–LiteLLM

AppSec as attacker: Inside Trivy–LiteLLM

March 26, 2026

Decouple SIEM data to reshape your AppSec

Shift to a data security pipeline platform to get software visibility that modern supply chain threats demand.

Read More about Decouple SIEM data to reshape your AppSec

Decouple SIEM data to reshape your AppSec

March 25, 2026

How AI agents can weaponize IDEs

Research shows that AI coding can tap integrated development environments to become privileged insider threats. 

Read More about How AI agents can weaponize IDEs

How AI agents can weaponize IDEs

March 18, 2026

OpenClaw lesson: AI agents are a black hole

AI agents create novel attack surfaces and control issues that require rethinking assumptions — and AppSec tooling.

Read More about OpenClaw lesson: AI agents are a black hole

OpenClaw lesson: AI agents are a black hole

March 11, 2026

OWASP adopts DockSec: Why it matters

OWASP has adopted the container security tool to slow information overload. Here’s what you need to know.

Read More about OWASP adopts DockSec: Why it matters

OWASP adopts DockSec: Why it matters