Tag: secure coding
13 articles

AI-Generated Code Exposes Governance Gaps in Security Debt
AI-generated code is being produced at alarming rates, but with a catch: nearly half of it contains security flaws, highlighting a pressing need for new approaches to managing security debt. As software creation accelerates, companies must adapt their security strategies to keep pace with the rapid accumulation of vulnerabilities.

AI Coding Assistants Expose Flaw in Approval Process
Researchers have uncovered a shocking flaw, dubbed GhostApproval, that affects six major AI coding assistants, allowing malicious code to bypass approval prompts and wreak havoc on a developer's machine. This vulnerability can be exploited through a clever use of symbolic links, posing a significant risk to developers who rely on these tools.

OpenAI Unveils GPT-5.5-Cyber to Accelerate Vulnerability Patching
Meet GPT-5.5-Cyber, OpenAI's latest game-changer in vulnerability patching, designed to supercharge security teams by rapidly identifying and fixing software vulnerabilities in large codebases. This cutting-edge model is the strongest yet for finding and helping patch software vulnerabilities, accelerating discovery, validation, and remediation like never before.

AI Code Review Foils Malicious Backdoor in Python Project
When Roman Imankulov analyzed a suspicious Python project with his AI agent, it quickly flagged a malicious backdoor, saving him from a potentially disastrous mistake. The AI code review proved to be a crucial safeguard, alerting Imankulov to walk away from the tainted code.

AI Coding Adoption Outpaces Governance, Raises Security Risks
The rapid adoption of AI coding tools has outpaced governance, with 97% of teams using AI assistants, but only 30% having a fully governed approach to oversight, leaving a significant security risk gap. This disconnect raises concerns about where risks are accumulating and how work is getting done.

AI Coding Tools Require Embedded Security to Counter Emerging Risks
Security can't keep pace with AI coding tools unless it's embedded from the start - after all, with hundreds of daily code changes, it can't be a bolt-on activity that happens after the fact. It needs to be a fundamental part of the creation process itself.

Anthropic Expands AI Bug Hunting Program
In just eight weeks, Cisco's AI-powered bug hunting program scanned a staggering 1.8 billion lines of code, a task that would have taken their top security team a whopping eight years to complete. This groundbreaking feat showcases the incredible potential of AI-driven cybersecurity solutions.

Firms Scramble to Secure AI-Generated Code
As AI-generated code becomes more prevalent, a pressing question emerges: how much attention should security teams give to code produced by artificial intelligence? The surprising answer: a lot, with 58% of organizations dedicating over 10 hours a month to securing it.

hardcoded secrets: Stunning Risky Mobile Crisis
One in three Android apps — and over half of iOS apps — are leaking sensitive data through insecure APIs and hardcoded secrets, putting your personal info and company systems at risk. Luckily, with smarter developer practices, better tooling and a few simple precautions, we can close those easy doors before attackers walk through.

bug bounty programs: Must-Have Best Practices
Bug bounties can be brilliant — they turn curious outsiders into powerful allies who find and help fix real-world flaws before attackers do — but when programs are poorly scoped, underpaid, or legally hostile they breed frustration, public disclosures, and real risk. Get the incentives, triage, and policies right and they strengthen security; get them wrong and the results can be expensive, embarrassing, or downright ridiculous.

AI-generated code: Risky Threats & Must-Have Fixes
A new Checkmarx study reveals a surprising and worrying trend: AI-generated code now makes up over 60% of some codebases—and much of it contains known vulnerabilities—so the same tools that speed development can also widen your attack surface. Treat AI suggestions like draft work: add automated scans, clear guardrails, and reviewer sign-off to keep convenience from turning into a systemic security risk.

DevSecOps: Must-Have Best Practices for Ultimate Security
Join NIST NCCoE’s virtual event on August 27, 2025 to learn practical DevSecOps best practices from leading experts and discover how to weave security into every step of your software lifecycle. With cybercrime costs soaring, this is your chance to balance speed and safety through automation, compliance tips, and real-world lessons that make your software more resilient.

IoT security standards: Must-Have Best Defenses
As IoT devices weave into our homes and critical systems, securing their initial provisioning is essential—NIST SP 1800-36 offers practical, actionable guidance to harden credential issuance and reduce breaches. By adopting its best practices for strong device identity, secure bootstrapping, and lifecycle management, manufacturers, integrators, and users can close a major attack vector and restore trust in connected tech.