Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

I have been writing about the need to better train our programmers in secure coding practices for decades, most recently here and here. At least a third of data compromises involved exploited software and firmware vulnerabilities and we are on our way to having over 47,000 separate, publicly known vulnerabilities this year. There are at least 130 new vulnerabilities learned and publicly reported every day, day after day. That is a lot of exploitation. That is a lot of patching.

AI was supposed to make our lives easier. Vendors promised it would cut through complexity, detect threats faster, and lighten the load on already overworked security teams. But if you’ve been paying attention, you know the truth: AI has given us more noise than ever. Corey Brunkow from Horizon3.ai joined Nucleus co-founder and CPO, Scott Kuffer, to unpack this problem during a recent webinar. AI helps attackers move faster, but on the defensive side, it’s created a flood of data.

AI sits in everyday workflows: assistants answering customer questions, copilots helping developers, and RAG apps searching internal knowledge. That means personal and sensitive data flows through prompts, vector stores, and integrations you didn’t have a year ago. Privacy can’t be an end-of-quarter compliance push anymore. It needs to live in your pipelines and apps the way logging and monitoring do.

The tools designed to build your next product are now being used to build the perfect attack against it. Generative AI platforms can spin up a pixel-perfect replica of your brand's login page in minutes, launching high-fidelity phishing campaigns at a scale and speed that legacy security models cannot handle. This isn't an emerging threat; it's an industrialized phishing engine that’s already being weaponized against businesses.

Today, Snyk is excited to announce a new partnership with Cognition that significantly advances security within the software development lifecycle, validating our "Secure at Inception" model. This collaboration introduces new integrations, Snyk for Devin and Snyk for Windsurf, which directly embed Snyk Studio's security intelligence into Cognition's AI-native developer tools.

Organizations across industries are actively investing in AI to streamline operations, boost productivity, and stay ahead in competitive markets. However, most proceed with caution when rolling out new AI solutions internally as they need to meet standards for AI security, compliance, and responsible use through rigorous testing and assessments. ‍ At the same time, teams may occasionally adopt AI solutions outside formal channels to simplify their workload.