Blog
Insights, research, and product updates on agentic development security.
All blog posts
- Preventing the Risks AI Ships: Healthcare Organization Achieves 80% Risk Elimination with Guardian Agent
- Apiiro Named a Leader in the Gartner® Magic Quadrant™ for Software Supply Chain Security
- Introducing AI Threat Modeling: Preventing Risks Before Code Exists
- Introducing Apiiro: Reinventing the secure development lifecycle
- Detect and prevent the SolarWinds build-time code injection attack
- Top 5 tips to prevent the SolarWinds Solorigate supply chain attack
- SDLC and DevSecOps: Moving to a continuous and simultaneous model
- Taking security challenges from a board-level discussion to a DevSecOps solution
- Rethinking DevSecOps: Moving to a risk-based SDLC
- Security Alerts: Don't developers have something better to do with their time?
- Stop treating all applications the same: Business impact and your AppSec program
- Visibility in application and cloud security is ripe for innovation
- Detection and prevention of malicious commits to the PHP repository
- Code risk is multi-dimensional: How to build an AppRisk program
- Shut down your application security program
- The secrets about exposed secrets in code
- Gartner continues the push for software supply chain security
- Application security is tactical. Application risk is strategic.
- Risk-based change management for the entire SDLC
- Better together: Security champions and application security engineers
- Don’t just shift left! Extend across layers with infrastructure as code security
- From phishing to developers: What are the new attack vectors?
- Top 3 things we learned since winning the RSA Innovation Sandbox
- Part 1: What we learned about AppSec programs from the Twitch code leak
- Security during design isn't just lip service: AppSec starts at the user story
- A leap forward in risk-based AppSec: The cloud native application protection platform (CNAPP)
- Secure your SDLC to avoid being the source of a supply chain attack
- Developer intentionally corrupts npm libraries, exposing weaknesses in OSS supply chain security
- Legacy SAST has grown stale: It’s time for a new approach
- The OWASP Top 10: A new approach for cloud-native applications
- Detecting Secrets in Code is a Feature, Not a Solution
- Where cloud-native AppSec mistakes are made: Known vs. unknown vulnerabilities
- Malicious Kubernetes Helm charts can be used to steal sensitive information from Argo CD deployments
- What is DevSecOps? A primer
- Go beyond OSS dependencies with your SBOM
- Shift-left API security: Protect your APIs before releasing to the cloud
- Apiiro extends right! From code to runtime
- Detect application architecture drift early in the SDLC
- What you need to know: 0-day vulnerability in Spring core framework (Spring4Shell)
- How to mitigate API risks during development
- Inside Toyota’s secret leak from a supply chain vulnerability
- What is static application security testing (SAST)?
- 8 key NIST guidelines in new federal regulations to be aware of
- The practical guide to software bill of materials (SBOM)
- Stop wasting your time on irrelevant changes while developing software
- New OpenSSL critical CVE: What you need to know
- Dropbox developer account breached: 130 private repositories, secrets leak
- OpenSSL 3.0.7: Newest vulnerability patch aftermath
- Apiiro’s AI engine detected a software supply chain attack in PyPI
- Software supply chain attacks caused PyPI to temporarily suspend new users and projects
- Say Hello to Apiiro’s New Risk Graph™ Explorer
- Security industry veteran Moti Gindi joins the Apiiro as Chief Product Officer
- 4 highlights from the 2023 Gartner® Innovation Insight for Application Security Posture Management (ASPM)
- Apiiro partners with Nuaware to transform how companies in EMEA secure their cloud applications
- Automating material code change detection for continuous compliance
- Top 5 AppSec metrics to track, right from Apiiro's new dashboards
- The eXtended Software Bill of Materials (XBOM): A Game Changer for Application and Supply Chain Security
- Self-enhancing pattern detection with LLMs: Our answer to uncovering malicious packages at scale
- The 6 non-negotiables of reducing modern application attack surfaces
- Unwavering empathy, resilience, and reliability during wartime challenges
- 3 dimensions of application risk you need to prioritize and reduce your alert backlog
- Go beyond detection with Apiiro’s new actionable secrets security features
- Streamlining material code change detection and response for SEC compliance
- CVE-2023-4863: Leverage Apiiro to determine risk from new WebP 0-day
- Introducing Apiiro SSCS: Software supply chain security with the power of ASPM
- LLM Code Authorship Detection: Unmasking Malicious Package Contributions
- ASPM breakdown: Pros and cons of different application security posture management approaches
- Uncovering shadow GenAI frameworks in your codebase with Apiiro
- Apiiro and Wiz partner to unite application and cloud security
- PCI DSS 4.0: What it Means for AppSec and How Apiiro’s Deep ASPM Helps
- A dataset-free approach to leveraging LLMs for malicious code detection
- Over 100,000 Infected Repos Found on GitHub
- Apiiro + Akamai technical alliance: Complete code-to-runtime API security
- Navigate uncharted risk across your software supply chain with Apiiro's Risk Graph Explorer
- Contextual prioritization funnel: Narrow-in on real, business-critical app risks with Apiiro
- Omdia Application Security Posture Management Market Landscape: 4 Key ASPM Questions Answered
- Apiiro + Secure Code Warrior: Uplevel your AppSec program with hyper-relevant secure code training
- Streamlining application risk response for the enterprise with ServiceNow integration
- From metrics to meaning: Optimizing your AppSec program with Apiiro Reports
- ASPM's Secret Weapon: AI-Powered Code-to-Runtime Software Inventory
- Cementing our open ASPM platform commitment with our new integrations program, SHINE
- Introducing AI-Driven Risk Detection at Design Phase: Revolutionizing AppSec with AI-Powered Pre-Code Security
- Apiiro Leads the Charge in Secure by Design: Among First 25 to Sign America's Cyber Defense Agency Pledge
- Apiiro's Countdown to Black Hat USA 2024
- New from Apiiro: Detect and Address AppSec Risks with Apiiro Native LLM Models Before Code is Even Written
- Apiiro and Aerowave Join Forces to Revolutionize Application Security
- Enable AppSec Enhancements by Apiiro with Comprehensive Identity Matching
- Unifying Offensive And Defensive AppSec With Apiiro + Bugcrowd
- Aligning Teams, Managing Risks: Boost Your AppSec Program with Apiiro Organizational Teams & Custom Reports
- Apiiro Lands the Largest ASPM Deal in the Market with a Fortune 10 Global Enterprise
- Fortune 100 Insurance Provider Projected to Save $3M in Security Savings with AppSec Automation, and the 2nd-Largest ASPM Deal in History
- A Year of Collaboration: Apiiro and Akamai Technical Alliance Strengthen
- Introducing Code-to-Runtime: Enriching AppSec with True End-to-End Visibility
- Revolutionizing Application Security: Apiiro Unveils Groundbreaking Code-to-Runtime Technology
- ASPM Overview Dashboard: Empowering AppSec Leadership
- Drive Application Risk Reduction with Apiiro’s Team Leaderboard
- ASPM vs. CSPM: Key Differences, Overlaps, and Choosing the Right Approach
- Closing the Loop Between Application and Infrastructure Security with Our New Tenable Integration
- ASPM vs ASOC: Unveiling the Key to Application Security Success in 2025
- CI/CD Pipeline Security: Best Practices to Safeguard Your Software Supply Chain
- Faster code, greater risks: The security trade-off of AI-driven development
- Top 7 ASPM Best Practices for Building Robust Application Security
- Best 10 Container Security Tools for 2025
- What is Agentic AI?
- Gartner on ASPM: What it Means for Your Security Strategy
- AppSec Is a Data Problem
- Practical prevention of the next supply chain attack: Lessons from the tj-actions/changed-files Incident
- The top software security standards for modern applications
- Agile Penetration Testing: Adapting Scope and Targets through Material Code Change Detection
- Agentic AI Risk Management: What Every CISO Needs to Know in 2025
- Gartner Highlights the Growing Importance of ASPM – Here’s How Apiiro Stands Out
- Gartner® Publishes First-Ever Market Guide for Software Supply Chain Security—Here’s Why ASPM is Included
- Mitigating SCA Vulnerabilities: Strengthening Your Software Supply Chain for Maximum Security
- Continuous, Accurate Threat Modeling Is Now a Reality with Apiiro’s Software Graph Visualization
- Webinar Recap: Reimagining Application Security Posture Management
- Gartner Warns of Growing API Security Gaps—And AI-Driven Development Is the Cause
- How to Run an Application Vulnerability Scanning: Step by Step
- Application Security vs. Product Security: Key Differences, Pros, and Cons
- Top 8 Continuous Security Monitoring Tools for 2025
- How to Strengthen Security in AI-Driven Software Engineering
- AI-Generated Code Security: Security Risks and Opportunities
- Visual Intelligence for Software Risk: Introducing Software Graph Visualization from Apiiro
- Introducing Software Tech Stack Inventory: The Foundation of Scalable AppSec
- Introducing Apiiro’s Code-to-Runtime Integration for ServiceNow CMDB
- Web application security testing checklist: steps + real-world breach examples
- Just Released: The 2025 Gartner Hype Cycle for Application Security – Featuring Apiiro
- A Completely New Way to Fix Design and Code Risks: Meet Apiiro’s AutoFix Agent
- PBOM vs SBOM – Building a Complete Security Bill of Materials
- Why generative AI security remains the blind spot for application security teams
- Securing code with Cursor and Windsurf: advanced vulnerability detection & remediation
- The 16 best infrastructure as code (IaC) tools in 2025
- 4x Velocity, 10x Vulnerabilities: AI Coding Assistants Are Shipping More Risks
- Best practices for integrating agentic AI into app security
- 11 best SAST tools for 2025: how to choose the right SAST solution
- AI Software Composition Analysis: How to Maximize Security and Compliance in Modern Development
- Nx Supply Chain Breach Shows Why Malicious Package Detection Matters
- Apiiro Recognized as a Leader in the 2025 IDC MarketScape for Application Security Posture Management
- Top 11 code security tools in 2026 every security team should evaluate
- Preventing Incidents at Scale: Introducing Apiiro’s AutoFix Agent
- Moving from AppSec to ASPM: the evolution of application security
- Why ~50% of CVEs in the Last 6 Months Trace Directly to Code‑Level Vulnerabilities
- The Latest Shai-Hulud Ongoing Package Supply Chain Worm
- Webinar Recap: Aligning CMDB and Vulnerability Response with Real-Time Code Context
- Secure vibe-coding is an oxymoron: Here’s how to change that
- GenAI is already in your code — what’s at risk depends on your industry
- Vibe coding security vulnerabilities best practices: protecting your applications
- Toward Secure Code Generation with LLMs: Why Context Is Everything
- How to detect and prevent application security vulnerabilities in modern apps
- Multi-Agent Networks in Application Security: Strategies & Benefits
- Introducing Apiiro’s New OSS Licenses Experience
- Secure and Govern Your AI Early — Before It Becomes a Production Risk
- Application Security Risk Assessment: The Complete 2026 Checklist for Dev Teams
- How to Detect and Stop Source Code, Data, and Secrets Exposure
- Why 2026 Demands Better Application Security Training for Developers
- Apiiro Welcomes Former GitHub CEO Thomas Dohmke as Strategic Advisor to Safeguard AI Before Code Generation and Prevent Risks at Enterprise Scale
- 10 Best Practices That Will Transform Your Code Review Processes
- Securing AI-Assisted Software Development: Google + Apiiro
- Top 10 Application Security Testing Tools for 2026
- Shai-Hulud 2: A New Wave of npm Supply Chain Malware Targeting Developers and CI/CD Systems
- Critical Vulnerability – RCE in React Server Components & Next.js
- The Top Code Execution Risks in Agentic AI Systems in 2026
- Modern Application Security Best Practices for an AI-Driven SDLC
- Secure Software Design: Best Practices to Build Safe, Resilient Applications
- Confidence in Agentic Code Fixes is rising – but not without a strong ASPM program
- Webinar Recap: The Evolution of AppSec for the AI Era
- Gartner Ranks Apiiro #1 in ASPM in 2025 Magic Quadrant for Application Security Testing (AST)
- Building Bridges Between Security and R&D: Apiiro’s Continuous Investment in Finding the Right Code Owner
- 12 Best Open Source Vulnerability Management Tools for 2026
- Apiiro Achieves True Runtime API Endpoint Matching
- A Triple Recognition: After Gartner and IDC, Apiiro Named the Most Innovative ASPM Provider Worldwide in Frost & Sullivan’s 2025 Frost Radar™
- What DORA Means for Security and Risk Teams in 2026
- Why SAST and SCA Together Still Leave High-Risk Gaps
- Key Benefits of Application Security Testing Orchestration for Engineering Teams
- AI Is Writing the Code. Who’s Securing It? A Conversation with Thomas Dohmke
- Gartner Report on Guardian Agents Signals a New Era for AI Governance
- Introducing the SDLC System of Record (SoR): Unified, Audit-Ready Supply Chain Compliance
- Application Security Automation: Why Context Matters More Than Coverage
- Why DAST Tools Miss Real IDOR Vulnerabilities (And How AI Helps)
- When Static Rules Met a Dynamic Attack Surface: Why AI Coding Assistants Must Think Like the AI Era – Not Like 80s Firewalls
- Best 8 DevOps Security Tools for Modern CI/CD Pipelines
- Apiiro is Recognized as an Application Security Platform Leader in the Latio 2026 AppSec Report
- OWASP Israel Panel: AI Velocity and the Breaking Point of Security Frameworks
- Best 16 DevSecOps Tools (And How To Choose the Right One)
- Extended Security Posture Management vs ASPM: What's the Real Difference?
- Panel Discussion: How AI Is Redefining Development Speed and Security
- More Code = Wider Attack Surface: AI Coding Assistants Deliver Productivity at the Cost of More Endpoints and More OSS Sprawl
- Guardian Agent: Guard AI to Generate Compliant Code with Zero Vulnerabilities
- Cybersecurity Threat Assessment: A Step-by-Step Guide for AppSec Teams
- Apiiro AI-SAST: Static Scanning Reimagined – From Code to Runtime – for the AI Era
- How to Choose the Best Code Security Platform for Your Team
- Introducing OSS Package Reputation & Health Insights in Apiiro: Open-Source Ease and a Secure SDLC
- Why Open Source License Compliance Is Now Your AppSec Team's Problem
- Introducing Apiiro AI-SAST: Static Scanning Reimagined – From Code to Runtime
- 10 Best DAST Tools for Modern Application Security Testing
- STRIDE vs. DREAD vs. PASTA: Choosing the Right Threat Modeling Framework
- Secret Detection in Application Security: How Teams Actually Prevent Credential Leaks
- Introducing Apiiro Guardian Agent: Preventing Vulnerable and Non-Compliant Code from Ever Being Created
- 60-Second Read: AI-Assisted Coding, Vibe Coding, and Agentic Coding Explained
- Security Tools Were Built for Humans. We Built One for AI Agents. Introducing Apiiro CLI
- Half of Google's Code Is Now AI-Generated. Here's What That Means for Security Leaders.
- Introducing AI Threat Modeling