AppSec stories

Lineaje survey flags a widening governance gap as most firms use AI-generated code, yet few can fully see or track it.

Check Point says Anthropic's Claude Code can quietly stash credentials in .claude/settings.local.json, which may be published in public npm packages.

Check Point and Google Cloud add governance and live monitoring to enterprise AI agents as firms race to secure autonomous workflows.

AI coding accelerates software delivery, but security teams struggle to keep up as more code, alerts and manual checks pile up.

Zscaler joins Anthropic's Project Glasswing to test Claude Mythos Preview in software scans, as the firm pushes zero trust against AI-driven attacks.

HackerOne unveils h1 Validation as vulnerability reports surge 76% and AI tools speed up discovery, leaving firms struggling to triage real threats.

Chainguard and Cursor strike partnership to embed verified open source dependencies into AI coding, aiming to curb supply chain risks at machine speed.

Tenable warns a GitHub Actions bug in Microsoft's Windows-driver-samples repo could let attackers run code and steal secrets via public issues.

AI models that can hunt and chain software flaws are forcing boards to rethink cyber defences, while scrutiny grows over Anthropic's MCP design risks.

LangWatch releases open-source AI red-teaming framework to expose hidden vulnerabilities in production agents through multi-turn attack simulations.

Appdome unveils mobile API defence that checks app, device and session identity before granting access, targeting bot abuse and takeover attacks.

Capsule Security emerges from stealth with $7 million backing to police AI agents at runtime as enterprises widen their use.

Thoughtworks warns AI-assisted coding is swelling software complexity, as developers lean on older controls to curb security and oversight risks.

Cloudflare and Wiz team up to map shadow AI risks across cloud estates and protect sensitive data as firms race to secure chatbot deployments.

OpenAI broadens Trusted Access for Cyber to verified defenders, giving vetted users GPT-5.4-Cyber for tougher security work and code analysis.

Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.

Forrester warns Anthropic's Project Glasswing could overwhelm vulnerability management, as AI uncovers flaws faster than patching teams can respond.

Permiso launches SandyClaw sandbox to detonate AI agent skills and expose hidden runtime risks before they reach enterprise systems.

F5 and Forcepoint have teamed up to link data discovery with runtime controls, aiming to curb AI risks as enterprises move systems into production.

JFrog teams up with iZeno to bring software supply chain and AI governance tools to Southeast Asian enterprises amid rising compliance demands.