A critical heap buffer overflow vulnerability in the AWS C Common library was discovered autonomously through an AI-automated fuzz testing solution, CI Fuzz, and has been fully addressed with a patch. In this post, we explore the vulnerability and its potential impact on embedded systems.

C and C++ programming are notorious for being bug-prone. Let’s look at the most dangerous software weaknesses in 2024 that are relevant for C and C++, so that you know what type of issues to test your code against in 2025. We examined the 2024 CWE Top 25 Most Dangerous Software Weaknesses list developed by Common Weakness Enumeration (CWE) and identified weaknesses relevant to C/C++. These weaknesses can become vulnerabilities. We explained how they occur and how you can uncover them.

In 2025, fuzz testing has become an essential practice for ensuring software security and reliability. By identifying vulnerabilities through randomized input testing, fuzzing helps development teams uncover bugs that traditional testing methods—such as static analysis and penetration testing—often miss. With rapid advancements in security tools, let’s explore the top fuzz testing tools of 2025, their key features, benefits, and how they compare.

Security teams face limited resources and a growing attack surface while developers struggle with security responsibilities that feel burdensome, annoying, or seem to conflict with their first priorities. AppSec teams turn to static application security testing (SAST) tools to identify vulnerabilities in first-party code early in the software development lifecycle while developers can still fix issues before the code is old and forgotten about.

We’re thrilled to announce the general availability of Spark, an AI Test Agent that lowers the entry barrier to white-box fuzz testing. In this blog, we explain how Spark works and share the main results from its beta testing that prove its effectiveness.

Modern software applications operate within increasingly complex ecosystems, spanning multiple layers of the stack—from the user interface and application logic to APIs, databases, and third-party dependencies. Each layer introduces unique vulnerabilities, often requiring specialized domain expertise to identify and mitigate.

Below, we’ll take a look at how both DAST as a methodology and DAST as a tool relate to what we do at Detectify. More specifically, we’ll explain how Detectify’s solution applies DAST methodology to the full breadth of an attack surface, automating the heck out of application security testing. With these methods, we cover millions of domains before you’ve even had breakfast.

Below, we’ll take a look at how both DAST as a methodology and DAST as a tool relate to what we do at Detectify. More specifically, we’ll explain how Detectify’s solution applies DAST methodology to the full breadth of an attack surface, automating the heck out of application security testing. With these methods, we cover millions of domains before you’ve even had breakfast.

At the 6th de:hub Pitch Night, an event celebrating innovation and digital transformation, Code Intelligence was honored with the prestigious German AI Award. This recognition, awarded by a distinguished jury of industry experts and investors, underscores Code Intelligence’s pivotal role in advancing software security through artificial intelligence.