Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.
The Model Context Protocol (MCP) was created to enable AI agents to connect to data and systems, and while there are a number of benefits to having a standard interface for connectivity, there are still issues to work out regarding privacy and security. Already there have been a number of incidents caused by MCP, such … continue reading
AI-generated code introduces a lot of risk into the development process. A recent Sonatype report found that AI hallucinated 27% of upgrade recommendations for open source projects, while research from Veracode found that AI introduced security vulnerabilities in 45% of 80 coding tasks across 100+ different LLMs. Now, new research from Black Duck is shedding … continue reading
Arcjet has announced the release of version 1 of its JavaScript SDK designed to enable security capabilities like bot detection, email validation, attack protection, and data redaction across JavaScript apps. “Shipping v1.0 is a clear signal to developers that Arcjet’s API is stable and fully tested with real production workloads,” said David Mytton, CEO of … continue reading
OpenClaw is an AI agent designed to act like a personal assistant, managing your email, calendar, social media accounts, and more, all from a messaging app like WhatsApp or Signal. While it has amassed a great deal of popularity — at the time of this writing it has over 180,000 stars on GitHub — many … continue reading
Open-source adoption is being accelerated by AI and automation, but developers need to proceed with caution to ensure they’re not introducing extra risk into their software supply chain. Brian Fox, co-founder and CTO of Sonatype, explained that AI can accelerate good engineering, but it can also scale mistakes faster, especially if it doesn’t have real-world … continue reading
Codenotary is adding new capabilities to its SBOM.sh service, which provides free analysis of software bills of materials (SBOMs). According to the company, the updates were made in consideration of AI applications, and the tool now treats datasets as software supply chain artifacts. “Traditional SBOM tools were built for an earlier era – focusing primarily … continue reading
Docker has announced that it is open sourcing its catalog of over 1,000 Docker Hardened Images (DHI), which are production-ready images maintained by Docker to reduce vulnerabilities in container images. Each image includes a complete software bill of materials (SBOM), transparent public CVE data, SLSA Build Level 3 provenance, and cryptographic proof of authenticity. Available … continue reading
As this year comes to a close, many experts have begun to look ahead to next year. Here are several predictions for how companies will manage security in 2026. Suja Viswesan, security software leader at IBM Shadow agents will accelerate data exposure faster than we can detect it: As autonomous AI agents begin to operate … continue reading
A new malicious campaign linked to the Shai-Hulud worm is making its way throughout the npm ecosystem. According to findings from Wiz, over 25,000 npm packages have been compromised and over 350 users have been impacted. Shai-Hulud was a worm that infected the npm registry back in September, and now a new worm spelled as … continue reading
Doctors have to follow the Hippocratic Oath, swearing to do no harm to their patients. Developers ought to be following a similar oath, promising to do no harm to their codebase when implementing new features or making changes. Mitchell Johnson, chief product development officer at Sonatype, explored this concept and if it’s even still possible … continue reading
OX Security is shifting security as far left as it can go with the launch of VibeSec, which it says can stop insecure AI-generated code before the code even gets generated. It does this by embedding dynamic security context into the coding model so that it doesn’t suggest code that contains security issues. “VibeSec doesn’t … continue reading
Chainguard, a company that provides a repository of trusted container images, has announced the launch of a new collection of trusted builds for JavaScript dependencies. According to Chainguard, recent attacks against the JavaScript package manager npm have underscored the need for more secure mechanisms to consume JavaScript libraries. The company says that public registries do … continue reading
