Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why You Must Still Review AI Code

In this video, we break down why skipping code reviews is a massive mistake that will ultimately slow you down, leave you vulnerable, and compromise your system's accountability. We dive into three concrete reasons why reviewing AI-generated pull requests actually makes you a faster, safer developer, including a real-world story of a production bug caught in under 90 seconds. Resources Chapters.

Symlinks Are Still Scary (And Yes, You Can Commit Them to Git)

Here's a genuinely unsettling way to lose control of your laptop in 2026. You clone a normal-looking repo, ask your AI coding assistant to "set it up," and it writes an attacker's SSH key into your ~/.ssh/authorized_keys -- without ever really telling you that's what it did. No memory corruption, no zero-day, nothing clever. Just a file in the repo that wasn't the file it claimed to be. That attack is real, it's this week's news, and I'll walk through it. But the trick underneath is decades old.

Snyk VulnBench JS 1.0: Can LLMs Find the Same Bugs Twice?

We ran 300 vulnerability-finding scans to measure how repeatable an agentic LLM security review is on the same code, prompt, and harness. The headline result is not that one scanner "wins" a self-referential leaderboard. It is that LLM security findings are unevenly repeatable: reference-matched findings were stable, but extra-model reports varied widely from run to run.

GLM 5.2 vs Opus 4.8: Cheaper AI Code, Hidden Risks?

GLM 5.2 just launched from Z.ai, and it might be one of the biggest threats yet to the frontier model premium. It’s open, significantly cheaper than Claude Opus 4.8, and claims to deliver near-frontier coding performance across major benchmarks. But benchmarks only matter if the model can actually build something production-ready.

NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence

For over twenty years, the global security community has operated under a single, comfortable assumption: that a centralized public source could help track, analyze, and enrich the world’s software vulnerabilities at the pace the industry needed. When the National Vulnerability Database (NVD) was established, the open source vulnerability lifecycle moved at a radically different pace.

The New Security Control Point: Governing AI Agents Inside the Execution Loop

As organizations adopt AI agents to build software, security teams face a new challenge: risk is no longer introduced only through the code that gets produced. It emerges continuously through the tools agents use, the actions they take, and the code they generate. This is the problem Evo Agentic Development Security (ADS) was designed to solve. ADS secures all three layers of the agentic development system—what agents use, what they do, and what they generate.

Announcing Agentic Development Security (ADS)

Today, we're announcing Agentic Development Security (ADS), a new Evo solution designed for securing AI-driven software development. AI agents are now active participants in the software development process, selecting tools, executing actions across systems, and generating production-ready code at machine speed.

What nearly 10,000 developer environments reveal about agentic development risk

For years, application security teams have focused on a familiar set of questions: Is the code secure? Are the dependencies vulnerable? Is the build pipeline protected? Are issues being caught before they reach production? Agentic development adds a new question: What systems, tools, instructions, and permissions helped produce this code? AI coding agents are no longer just suggesting snippets or completing lines of code.

How to Setup AI Rules, Skills, Hooks and MCPs

In this video, we break down how to properly set up and use AI extension points - specifically MCP (Model Context Protocol) servers, Rules, Skills, and Hooks - to supercharge your development workflow. Using practical, security-flavored examples with Claude Code and Snyk, you'll learn how to configure a local project environment that automatically catches vulnerabilities before they ever hit your codebase. Whether you use the Claude CLI, VS Code extensions, or alternate AI ecosystems like Cursor or Gemini, you can use these exact steps as a blueprint to automate any workflow in your project.