Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Application Security including monitoring, testing, and open source.

aikido

AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding

Nov 6, 2025 By Trusha Sharma In Aikido
We brought together Ian Moritz, Deployed Engineer at Cognition, and Mackenzie Jackson from Aikido Security for a live masterclass on AI-assisted coding. The goal wasn’t to hype new tools. It was to talk about how developers can stay in control while AI starts writing, testing, and securing code beside them.
Read Post
aikido

Building Fast, Staying Secure: Supabase's Approach to Secure-by-Default Development

Nov 6, 2025 By Trusha Sharma In Aikido
As part of Aikido’s Security Masterclass series, Mackenzie Jackson sat down with Bill Harmer (CISO, Supabase) and Etienne Stalmans (Security Engineer, Supabase) to explore how Supabase approaches security as part of design, not something to bolt on later. From Row Level Security (RLS) to the risks of AI-assisted coding, the discussion focused on what it takes to build fast and stay secure.
Read Post

Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

Nov 6, 2025 By Mend In Mend
AI coding assistants don’t just speed up development — they introduce two kinds of risks you can’t afford to ignore. Direct risks: vulnerabilities added straight into generated code. Indirect risks: exposure through how AI tools shape workflows, dependencies, and external connections. Both can create blind spots — and both demand visibility. Watch to learn how recognizing these layers helps secure your AI-driven workflows.
View Video
aikido

The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties

Oct 31, 2025 By Ilyas Makari In Aikido
It wasn’t long ago that we uncovered compromised extensions on Open VSX. Now, a new wave of attacks is emerging, and all signs point to the same threat actor. The technique will sound familiar: hidden malicious code injected with invisible Unicode Private Use Area (PUA) characters. We first saw this trick back in March when npm packages used PUAs to conceal payloads. Then came Open VSX. Now, the attacker seems to have turned their sights on GitHub, and their methods are evolving.
Read Post

Silence of the Daemons: Why Evasion Isn't About Location and NDR's Role in the Cloud

Oct 30, 2025 By Datadog In Datadog
In this talk, David Burkett, Cloud Security Researcher at Corelight, highlights how timeless evasion tactics create critical blind spots in cloud workloads, and illustrates the role of Network Detection and Response (NDR) as a resilient countermeasure. Presented on October 30, 2025 for Datadog Detect.
View Video

Same Adversary, New Terrain: Adapting an Endpoint Detection Mindset to the Cloud

Oct 30, 2025 By Datadog In Datadog
In their talk, Katie Nickels (Sr. Director of Intelligence Operations) and Jesse Griggs (Sr. Threat Researcher) from Red Canary show you how to adapt an endpoint detection mindset to the cloud, specifically focusing on pre-impact TTPs and building robust cloud detections.
View Video

Datadog Detect (October 30, 2025)

Oct 30, 2025 By Datadog In Datadog
Datadog Detect is a virtual mini-conference dedicated to helping security teams modernize detection and response by applying engineering best practices. Hear talks from industry experts, including security researchers and engineers at Datadog, Red Canary, and Corelight to learn about building scalable, effective security operations.
View Video

The Goldilocks Approach: Finding Detections That Are Just Right

Oct 30, 2025 By Datadog In Datadog
In this talk, Megan Roddie-Fonseca, Sr. Security Engineer at Datadog, addresses the challenge of finding "just right" detections, leveraging data classification techniques like recall and precision to balance false positives and missed attacks. Presented on October 30, 2025 for Datadog Detect.
View Video
veracode

The State of Application Security in Financial Services: Managing Security Debt

Oct 29, 2025 By Natalie Tischler In Veracode
Application security in financial services is essential to maintaining trust, compliance, and operational resilience in a rapidly evolving digital landscape. Financial services organizations must balance innovation with holistic security controls, especially as the pressure to launch new digital solutions grows. The evidence is clear: challenges around “security debt,” unresolved flaws left in production for over a year, pose material risk to the sector.
Read Post
mend

Mend.io Expands AI Native AppSec to Windsurf, CoPilot, Claude Code, and Amazon Q Developer

Oct 21, 2025 By Mend.io Team In Mend
Today, Mend.io is expanding its AppSec capabilities to secure the five most popular agentic IDEs — including Windsurf, CoPilot, Claude Code, Amazon Q Developer, and Cursor — ensuring that developers can move at AI speed without compromising security.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.