AppSec stories - Page 4

Anthropic unveils Claude Code Security, an AI tool that scans codebases for complex bugs, verifies risks and suggests patches for developers.

Tenable warns businesses that rapid AI and cloud adoption is creating an invisible exposure gap as identity and supply chain risks surge.

ActiveState launches a 79m-component secure open source catalogue to centralise software supply chains and cut enterprise vulnerability risk.

Checkmarx adds IDE-native security checks to AI-focused Kiro, aiming to catch vulnerabilities earlier and cut security rework for teams.

DryRun Security appoints Signal Sciences Co-founder Andrew Peterson to its board to steer its AI-native code security push.

Okta launches Agent Discovery to uncover and rein in shadow AI agents, mapping risky app access and tightening identity-based controls.

Aerospike Database 8 now embeds default dynamic data masking, tightening PII protection while easing compliance and operational overhead.

DigiCert warns UltraDNS DDoS attacks spiked to record levels in December 2025, driven by massive Aisuru and Kimwolf botnets.

Tenable warns 'LookOut' flaws in Google Looker could hand attackers server control, expose secrets and enable cross-tenant cloud access.

Moltbook left a Supabase key exposed, leaking AI chats, 30,000 emails and 1.5 million API keys in a cautionary tale of vibe coding risk.

Qodo 2.0 launches multi-agent AI code review to boost trust in autogenerated code, claiming 11% better detection of critical issues.

Developers granting AI agents broad, unsupervised access to code and systems are creating new software supply chain and data exposure risks.

DryRun launches DeepScan Agent, an AI tool that scans whole codebases in hours to rank real-world security risks and speed remediation.

Tenable warns unpatched self-hosted Google Looker systems face remote takeover, data theft and cross-tenant cloud attack risks.

RapidFort secures USD $42m Series A to scale automated software supply chain security and continuous vulnerability remediation.

Security Journey launches AI-era developer manifesto and revamped platform to embed secure coding into everyday workflows and tooling.

A security lapse at AI agent service Moltbook exposes risky default database settings, raising fresh alarms over agentic system safeguards.

DigiCert warns Q4 internet traffic stayed high as DDoS and app-layer attacks grew longer and more intense, eroding traditional peak seasons.

AI security fears and rapid release cycles are pushing firms to demand faster, deeper pentesting - and many are ready to ditch existing vendors.

HackerOne launches Agentic PTaaS, blending AI agents with human experts to deliver continuous, always-on penetration testing for enterprises.