Vibe Coding will create a new Golden Age for pentesters.
Threat alert: AI-generated code is overwhelming software supply chains
Three vendors — Endor Labs, Lineaje, and Cycode — are responding with agentic AI tools that move AppSec from detection to autonomous action.
New capabilities include:
• Reviewing and remediating pull requests with security context
• Explaining vulnerabilities in plain English
• Automatically fixing risks in containers and source code
• Monitoring CI/CD memory for secrets theft
• Mapping risk across entire dev pipelines
What leaders need to consider:
• AI agents must be trained, governed, and secured — like any supply chain actor
• Tools should integrate at the code level, not just report level
• Runtime guardrails, policy engines, and visibility are non-negotiable
We're past “SBOMs only” — software supply chain security is now a full-stack discipline, and agentic AI is driving that shift.
#CyberSecurity #SupplyChainSecurity #AI #DevSecOps #AgenticAI #AppSec #CICDSecurity
This is one of the big things I got out of the DBIR too. Those third party API endpoints your devs tell you are "Fiiiiiiine" aren't.
https://www.theregister.com/2025/04/24/security_snafus_third_parties/
Get ready for an amazing time at #OWASP Global #AppSec EU in May! Elevate your experience by becoming a mentor. Forge lasting connections and help others grow throughout the year. Join us now to get involved: https://owasp.wufoo.com/forms/zk2cdkr1qla6o8/ #CyberSecurity #AI #threatmodeling #Barcelona #devsecops
We’re excited to welcome the @OpenText team as a Silver Exhibitor at #OWASP 2025 Global AppSec EU in Barcelona! Thank you for supporting the community and helping advance #AppSec and #Cybersecurity. See you there! barcelona.globalappsec.org #developer #supportnonprofit
Joining #OWASP Global #AppSec EU in May? Looking for a mentor to boost your resume, career advice, or public speaking skills? Don't miss the chance to join the Mentor/Mentee program! Connect with a mentor for year-long guidance. Sign up here: https://owasp.wufoo.com/forms/zymozl71uei0k3/ #cybersecurity
A big thank you to @ox_security for your support as a Gold Exhibitor at #OWASP 2025 Global AppSec EU Barcelona! We are looking forward to welcoming you and your team to Barcelona in May. barcelona.globalappsec.org #appsec #developers #cybersecurity #supportnonprofit
AI is changing how software gets built. Today, we’re changing how it gets secured with the expansion of our application security platform and a $93M Series B to accelerate what we’re building.
More here: https://bit.ly/42DqUmB
#OWASP Global #AppSec EU is happening SOON! Join us as a volunteer and be part of the action. Your contribution can truly make a difference. Fill out the form now to be part of something amazing! Sign up here: https://owasp.wufoo.com/forms/z1jihpei0ws2e3v/
The Digital Terrain Is Shifting — Are Your Apps and APIs Ready?
As AI adoption accelerates, so do AI-driven attacks.
In their new research report, Akamai Technologies uncovers the evolving threats facing web applications and APIs — and how organizations can respond before attackers get ahead.
State of Apps and API Security 2025: How #AI Is Shifting the Digital Terrain explores the sharp rise in automated, intelligent threats — and the new defenses emerging to meet them.
Download the full report here: https://itspm.ag/akamaixmwd
Research like this helps #security professionals, #leaders, and #developers stay ahead of the curve — and shape the future of #digital defense.
We’re also proud to feature Akamai in our RSAC 2025 coverage — with a Brand Story recorded pre-event and a follow-up conversation happening on location at the conference in San Francisco with Rupesh Chokshi, Sean Martin, CISSP, and Marco Ciappelli.
Watch the pre-event recording here: https://youtu.be/DMm6INJ_2Z8
A huge thank you to the Akamai team for sponsoring our coverage and sharing their insights with our global audience.
Check out the report and stay tuned for more from RSAC:
Download the Report: https://itspm.ag/akamaixmwd
Explore our RSAC 2025 Coverage: https://www.itspmagazine.com/events/rsac-2025
We are looking forward to welcoming the @brightappsec team to the #OWASP 2025 Global AppSec EU Barcelona event as a Gold Exhibitor! Your support is greatly appreciated. barcelona.globalappsec.org #developer #appsec #cybersecurity #supportnonprofit
New Tool Exposes How Ads in Apps Use Network Data Tracking to Trace Your Location
#MobilePrivacy #AppSec #DataPrivacy #AdTech #Privacy #Cybersecurity #InfoSec #LocationTracking #DataBroker #Surveillance #Android #iOS #PrivacyTools #SecurityResearch
Python now ships with 15,000 lines of verified cryptographic code from HACL*, covering all default hash and HMAC algorithms. The integration was seamless and automated, aiming to eliminate bugs like the 2022 SHA3 CVE. A major milestone for verified crypto in mainstream software.
Developers are moving faster than ever with tools like GitHub Copilot and Cursor. But AppSec teams are falling behind.
The result?
A tidal wave of code
62% of AI-generated code has flaws
Nearly 30% contains known security weaknesses
Existing tools weren’t built for this.
Next week, we’re announcing something new. A new way for AppSec teams to understand what’s changing and why it matters.
Stay tuned.
Excited for #OWASP Global #AppSec EU in May? Elevate your experience with mentoring! Join us as a Mentor and create a year-long connection helping others! Get involved here: https://owasp.wufoo.com/forms/zk2cdkr1qla6o8/ #CyberSecurity #AI #threatmodeling #Barcelona #devsecops #infosec
AI-generated code is fast—but is it secure?
In this Redefining CyberSecurity episode, we talk vibe coding, developer responsibility, and why security teams need to assume they already have AI-built code in their stack.
Featuring Izar Tarandach + Sean Martin on @ITSPmagazine
Watch here: https://youtu.be/Lv2NTAj3WIY
Huh, what can I do with a value that is reflected into a set-cookie header? I swear I've done something with that before but I can't find it in my notes.
Thank you @SonarSource for supporting #OWASP 2025 Global AppSec EU as a Silver Exhibitor. We are looking forward to welcoming your team to Barcelona! barcelona.globalappsec.org #appsec #developers #cybersecurity #supportnonprofit