AppSec stories

Wiz adds Red Agent preview and wider tools for AI code, Databricks, multicloud services and edge risk across cloud environments.

CrowdStrike unveils AI security coalition with Accenture, EY, IBM Cybersecurity Services, Kroll and OpenAI to spot and fix code flaws faster.

Lineaje survey flags a widening governance gap as most firms use AI-generated code, yet few can fully see or track it.

Check Point says Anthropic's Claude Code can quietly stash credentials in .claude/settings.local.json, which may be published in public npm packages.

Check Point and Google Cloud add governance and live monitoring to enterprise AI agents as firms race to secure autonomous workflows.

AI coding accelerates software delivery, but security teams struggle to keep up as more code, alerts and manual checks pile up.

Tenable warns that a flaw in Microsoft's Windows-driver-samples GitHub workflow could let attackers run code and steal secrets.

Zscaler joins Anthropic's Project Glasswing to test Claude Mythos Preview in software scans, as the firm pushes zero trust against AI-driven attacks.

HackerOne unveils h1 Validation as vulnerability reports surge 76% and AI tools speed up discovery, leaving firms struggling to triage real threats.

Chainguard and Cursor strike partnership to embed verified open source dependencies into AI coding, aiming to curb supply chain risks at machine speed.

Tenable warns a GitHub Actions bug in Microsoft's Windows-driver-samples repo could let attackers run code and steal secrets via public issues.

AI models that can hunt and chain software flaws are forcing boards to rethink cyber defences, while scrutiny grows over Anthropic's MCP design risks.

LangWatch releases open-source AI red-teaming framework to expose hidden vulnerabilities in production agents through multi-turn attack simulations.

Appdome unveils mobile API defence that checks app, device and session identity before granting access, targeting bot abuse and takeover attacks.

OpenAI widens AI cyber tools to verified users as Anthropic keeps rivals guessing, fuelling debate over who gains an edge in the ransomware fight.

Capsule Security emerges from stealth with $7 million backing to police AI agents at runtime as enterprises widen their use.

Thoughtworks warns AI-assisted coding is swelling software complexity, as developers lean on older controls to curb security and oversight risks.

Cloudflare and Wiz team up to map shadow AI risks across cloud estates and protect sensitive data as firms race to secure chatbot deployments.

OpenAI broadens Trusted Access for Cyber to verified defenders, giving vetted users GPT-5.4-Cyber for tougher security work and code analysis.

Sonatype flags 21,764 malicious open-source packages in Q1 2026, with npm hit hardest as attackers used trusted workflows to steal secrets.