Skip to main content

Tag: secure coding

13 articles

Cluttered software development workspace with laptop and monitor on a desk.

AI-Generated Code Exposes Governance Gaps in Security Debt

AI-generated code is being produced at alarming rates, but with a catch: nearly half of it contains security flaws, highlighting a pressing need for new approaches to managing security debt. As software creation accelerates, companies must adapt their security strategies to keep pace with the rapid accumulation of vulnerabilities.

Analyst 207
Developer workstation with laptop, monitor, and coding environment on a cluttered office desk.

AI Coding Assistants Expose Flaw in Approval Process

Researchers have uncovered a shocking flaw, dubbed GhostApproval, that affects six major AI coding assistants, allowing malicious code to bypass approval prompts and wreak havoc on a developer's machine. This vulnerability can be exploited through a clever use of symbolic links, posing a significant risk to developers who rely on these tools.

Analyst 207
Developer working on laptop in modern coding lab with multiple monitors and code on screen.

OpenAI Unveils GPT-5.5-Cyber to Accelerate Vulnerability Patching

Meet GPT-5.5-Cyber, OpenAI's latest game-changer in vulnerability patching, designed to supercharge security teams by rapidly identifying and fixing software vulnerabilities in large codebases. This cutting-edge model is the strongest yet for finding and helping patch software vulnerabilities, accelerating discovery, validation, and remediation like never before.

Analyst 207
Cluttered developer workstation with code on laptop and notes on desk.

AI Code Review Foils Malicious Backdoor in Python Project

When Roman Imankulov analyzed a suspicious Python project with his AI agent, it quickly flagged a malicious backdoor, saving him from a potentially disastrous mistake. The AI code review proved to be a crucial safeguard, alerting Imankulov to walk away from the tainted code.

Analyst 207
Software engineer working with AI coding tools at a desk with multiple laptops and notes.

AI Coding Adoption Outpaces Governance, Raises Security Risks

The rapid adoption of AI coding tools has outpaced governance, with 97% of teams using AI assistants, but only 30% having a fully governed approach to oversight, leaving a significant security risk gap. This disconnect raises concerns about where risks are accumulating and how work is getting done.

Analyst 207
Developer workstation with code editor, security symbols, and modern office background.

AI Coding Tools Require Embedded Security to Counter Emerging Risks

Security can't keep pace with AI coding tools unless it's embedded from the start - after all, with hundreds of daily code changes, it can't be a bolt-on activity that happens after the fact. It needs to be a fundamental part of the creation process itself.

Analyst 207
Laptop screen displays lines of code on a neutral surface with blurred lab background.

Anthropic Expands AI Bug Hunting Program

In just eight weeks, Cisco's AI-powered bug hunting program scanned a staggering 1.8 billion lines of code, a task that would have taken their top security team a whopping eight years to complete. This groundbreaking feat showcases the incredible potential of AI-driven cybersecurity solutions.

Analyst 207
Anxious hands hover over a keyboard in front of a flickering computer screen displaying swirling code in a dimly lit server…

Firms Scramble to Secure AI-Generated Code

As AI-generated code becomes more prevalent, a pressing question emerges: how much attention should security teams give to code produced by artificial intelligence? The surprising answer: a lot, with 58% of organizations dedicating over 10 hours a month to securing it.

Analyst 207
hardcoded secrets: Stunning Risky Mobile Crisis

hardcoded secrets: Stunning Risky Mobile Crisis

One in three Android apps — and over half of iOS apps — are leaking sensitive data through insecure APIs and hardcoded secrets, putting your personal info and company systems at risk. Luckily, with smarter developer practices, better tooling and a few simple precautions, we can close those easy doors before attackers walk through.

Analyst 207
bug bounty programs: Must-Have Best Practices

bug bounty programs: Must-Have Best Practices

Bug bounties can be brilliant — they turn curious outsiders into powerful allies who find and help fix real-world flaws before attackers do — but when programs are poorly scoped, underpaid, or legally hostile they breed frustration, public disclosures, and real risk. Get the incentives, triage, and policies right and they strengthen security; get them wrong and the results can be expensive, embarrassing, or downright ridiculous.

Analyst 207
AI-generated code: Risky Threats & Must-Have Fixes

AI-generated code: Risky Threats & Must-Have Fixes

A new Checkmarx study reveals a surprising and worrying trend: AI-generated code now makes up over 60% of some codebases—and much of it contains known vulnerabilities—so the same tools that speed development can also widen your attack surface. Treat AI suggestions like draft work: add automated scans, clear guardrails, and reviewer sign-off to keep convenience from turning into a systemic security risk.

Analyst 207
DevSecOps: Must-Have Best Practices for Ultimate Security

DevSecOps: Must-Have Best Practices for Ultimate Security

Join NIST NCCoE’s virtual event on August 27, 2025 to learn practical DevSecOps best practices from leading experts and discover how to weave security into every step of your software lifecycle. With cybercrime costs soaring, this is your chance to balance speed and safety through automation, compliance tips, and real-world lessons that make your software more resilient.

Analyst 207
IoT security standards: Must-Have Best Defenses

IoT security standards: Must-Have Best Defenses

As IoT devices weave into our homes and critical systems, securing their initial provisioning is essential—NIST SP 1800-36 offers practical, actionable guidance to harden credential issuance and reduce breaches. By adopting its best practices for strong device identity, secure bootstrapping, and lifecycle management, manufacturers, integrators, and users can close a major attack vector and restore trust in connected tech.

Analyst 207