Nx npm Malware Explained: AI Agent Hijacking

Nx npm malware (Aug 2025): attackers published malicious Nx packages that weaponized AI coding agents (Claude Code, Gemini CLI, Amazon Q) via a postinstall script to inventory sensitive files and exfiltrate sensitive data to public GitHub repos named “s1ngularity-repository-*.” We break down what happened, affected versions, and how to check and respond (rotate credentials, hunt IoCs, and more).

Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident

On August 26–27, 2025 (UTC), eight malicious Nx and Nx Powerpack releases were pushed to npm across two version lines and were live for ~5 hours 20 minutes before removal. The attack also impacts the Nx Console VS Code extension.

The Surprising Truth About GPT-5 in Cursor's Agent Mode

In this video, I test out GPT-5 by asking it to build a simple and secure Node.js notes app that lets users create, read, update, and delete notes. I run two experiments — one without a security MCP server and one with it — to see how well the new model handles both functionality and security.

Prioritize with Snyk's Open Source Vulnerability Experience

Prioritizing which vulnerabilities to fix across your application isn't always easy. Is it exploitable? Is it reachable? Will the update introduce breaking changes? Are there any other teams using this library that you should be aware of? What does the backlog look like if other changes need to be made? And that's just this week. Next week, it'll be the same thing all over again, with new discoveries, new version releases, and maybe even a new cybersecurity breach.

Agentic Container Security with Snyk MCP Server

Did developers steal the spotlight of agentic workflows with the wave of AI coding assistants sweeping the media, startups, and tech? What about DevOps workflows, container security, and operating system vulnerability scanning? One of the most time-consuming tasks for application security engineers and those responsible for production artifacts is tracking Common Vulnerabilities and Exposures (CVEs) and how they impact a bundled application.

Meeting the AI Mandates with Confidence: Why Federal Teams Trust Snyk

Federal agencies are moving fast to unlock AI's potential—from improving citizen services to driving mission outcomes. But with all that innovation comes a new wave of complexity and risk. Security, trust, and transparency can’t be afterthoughts. They need to be part of the build and AI adoption process from day one. AI-driven development is exponentially increasing both code speed and code insecurity, as AI generates code with up to 40% more vulnerabilities than human developers.

Snyk Supercharges API Discovery with New Akamai Integration

Today, Snyk is launching a powerful enhancement to our API discovery capabilities through a strategic partnership with Akamai. This integration is designed to solve one of the most significant challenges in modern application security: the difficulty of providing API schemas for DAST scanning. By directly ingesting API inventories and their corresponding schemas from Akamai, we are transforming a difficult manual process into a seamless, automated workflow within the Snyk platform.

From Ideas to Impact: How the Bay Area Is Shaping the Future of Secure AI

Generative AI is reshaping how software is made, secured, and scaled. At Snyk’s Lighthouse event in Silicon Valley, leaders from engineering, security, and platform teams gathered to explore one big question: How do we build AI-powered systems that move fast, without breaking trust? For many, that future is already here — 60% of organizations at the Summit reported building agentic apps internally. The answers weren’t just technical. They were cultural. Organizational. Strategic.

The Hidden Costs of False Positives in Healthtech Security

When we talk about healthcare today, it’s impossible not to consider application security. As healthcare providers increasingly lean on digital solutions to deliver patient care, they are creating an explosion of healthcare data requiring protection to ensure its confidentiality, integrity, and availability.

Snyk Joins CISA's Secure by Design Pledge

As the Chief Information Security Officer at Snyk, my primary role is to ensure the security and integrity of our products, our systems, and our customers' data. But my responsibility extends beyond our walls. It involves championing a vision for a more secure digital world—a vision I am proud to say we share with the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Secure at Inception: Introducing New Tools for Securing AI-Native Development

At Snyk, we believe you should never have to choose between speed and security. As the age of AI transforms software development, our goal is to extend our developer-first security approach to this new era, providing the essential tools your teams need to build with confidence. Today at Black Hat, we are delivering on that vision with three tangible innovations that offer a comprehensive solution to secure the entire code lifecycle with AI.

When "Private" Isn't: The Security Risks of GPT Chats Leaking to Search Engines

In late July 2025, users discovered that ChatGPT chats, initially shared via link, were appearing in search engine results on platforms such as Google, Bing, and DuckDuckGo. These shared conversations included personal content relating to mental health, career concerns, legal issues, and more, without any indication of a data breach. Instead, the exposure resulted from a now-removed feature that enabled discoverability via search indexing.