AppSec stories - Page 4

As AI tools spread through software teams, rising security flaws and shadow AI use are forcing leaders to tighten guardrails fast.

Chainguard expands its rebuilt-from-source Libraries to Python, Java and JavaScript, targeting malware risks in AI-driven software supply chains.

A rapid surge in OpenClaw AI assistant use has left tens of thousands of exposed systems and a trail of hijacked tools and malicious add-ons.

GitLab expands its MSP partner programme to deliver agentic AI-powered DevSecOps as a managed service with strict data sovereignty controls.

Datadog warns 87% of organisations run software with exploitable flaws as ageing code, fast releases and automation amplify DevSecOps risk.

Security debt hits 82% of organisations as legacy flaws linger over a year, with third-party code driving most critical vulnerabilities.

Most CIOs expect AI-driven cyber attacks within a year, but only a third feel prepared, exposing a widening gap in cyber resilience.

Rapid AI and cloud adoption is fuelling a new wave of cyber risk, as Tenable warns of exposed software supply chains and “ghost” identities.

Anthropic unveils Claude Code Security, an AI tool that scans codebases for complex bugs, verifies risks and suggests patches for developers.

Tenable warns businesses that rapid AI and cloud adoption is creating an invisible exposure gap as identity and supply chain risks surge.

ActiveState launches a 79m-component secure open source catalogue to centralise software supply chains and cut enterprise vulnerability risk.

Brinqa has rolled out AI agents to infer asset owners and deduplicate findings, aiming to cut cyber risk noise in sprawling IT estates.

Checkmarx adds IDE-native security checks to AI-focused Kiro, aiming to catch vulnerabilities earlier and cut security rework for teams.

Vehere boosts North America cyber sales push with senior hires Glen Hlavsa and Ali Abughannam to target enterprise NDR demand.

DryRun Security appoints Signal Sciences Co-founder Andrew Peterson to its board to steer its AI-native code security push.

Okta launches Agent Discovery to uncover and rein in shadow AI agents, mapping risky app access and tightening identity-based controls.

Backslash raises USD $19m to secure emerging AI 'vibe coding' workflows as autonomous agents reshape how enterprise software is built.

CodeHunter extends its behavioural malware analysis into CI/CD pipelines, targeting risky software artefacts before they reach production.

Aerospike Database 8 now embeds default dynamic data masking, tightening PII protection while easing compliance and operational overhead.

DigiCert warns UltraDNS DDoS attacks spiked to record levels in December 2025, driven by massive Aisuru and Kimwolf botnets.