Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Application Security including monitoring, testing, and open source.

Hacking LLMs using LinkedIn #aisecurity #ai #llm

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack

Mini Shai-Hulud is back. Like I said before, we were yet to see the full scale of the attack. The npm campaign we covered in April, when it targeted SAP packages, has now turned into a much larger compromise. Our Malware Team detected 373 malicious package-version entries across 169 npm package names. The basic goal is still the same: steal credentials from developer machines and CI/CD runners, then use those credentials to reach more packages. What changed is the scale and the release path.

Reviewing Malicious PRs at Scale with AI

As AI coding assistants accelerate software development, the volume of pull requests at Datadog has grown to nearly 10,000 per week, increasing the risk that malicious changes slip through due to review fatigue. To address this, Datadog built BewAIre, an LLM-powered code review system designed to identify malicious source code changes introduced by threat actors. By reducing approval fatigue for developers while increasing friction for attackers, BewAIre guides human reviewers to the areas where judgment matters most, without slowing developer velocity.

Incident Response: Keeping Cool When Everything's on Fire

The DevOps revolution broke down the traditional silos between development and operations, fundamentally reshaping how we build and maintain software. But with this evolution came an inevitable, and often stressful, reality for many engineers: being on-call and responding to incidents. In this session, Daljeet Sandu will explore how on-call has evolved in recent years, highlight proven best practices, and share insights into the future of incident response in DevOps.

Rolling out developer security in a 5,000+ engineer organization

Large engineering organizations like to believe their biggest problems are technical. If only someone would approve the budget for the latest tool, everything would be solved. Lately, the prevailing bet is that the silver bullet is vibe coding powered by your favorite flavor of LLM. But the pathologies of large organizations are rarely technical in nature.

Security metamorphosis: a Mythos-ready architecture checklist for autonomous AI attacks

The Anthropic Glasswing initiative brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners. You can find a lot of posts and reactions on social media as it is definitely a big deal that Anthropic is keeping their Mythos Preview model out of general access.

AI Without Guardrails Is Like an Employee Without Training #ai #aisecurity #github

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

How to Map AI Risk to Existing Compliance Frameworks

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

AI Sales Avatar Hijacked by Prompt Injection on Livestream #promptinjection #hacked #hacker

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.