Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

mend

Building a more secure npm ecosystem with Mend Renovate

Nov 6, 2025 By Jamie Tanna In Mend
Over this last year, we’ve seen significant attacks like the Shai-Hulud worm, the Nx build system compromise, and secrets being leaked to public GitHub Actions logs via the tj-actions/changed-files compromise, but I could spend the entirety of this article only listing different attacks, let alone talking about them.
Read Post

Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

Nov 6, 2025 By Mend In Mend
AI coding assistants don’t just speed up development — they introduce two kinds of risks you can’t afford to ignore. Direct risks: vulnerabilities added straight into generated code. Indirect risks: exposure through how AI tools shape workflows, dependencies, and external connections. Both can create blind spots — and both demand visibility. Watch to learn how recognizing these layers helps secure your AI-driven workflows.
View Video
mend

Best Application Security Testing Services to Know

Nov 5, 2025 By Tiffany Jennings In Mend
Application Security Testing (AST) services use automated tools and manual techniques to find and fix security vulnerabilities in software, integrating security into the entire development lifecycle (SDLC) to prevent threats and protect applications from attacks. Key services include Static Application Security Testing (SAST) for code-level analysis, Dynamic Application Security Testing (DAST) for runtime testing, and Interactive Application Security Testing (IAST) which combines both.
Read Post
mend

Ultimate Guide to Open Source Security: Risks, Attacks & Defenses

Oct 28, 2025 By Tiffany Jennings In Mend
Unlike closed-source code or proprietary applications, open source software (OSS) exposes its source code, allowing anyone to view, modify, or contribute to it. This transparency delivers both opportunities and unique threats; developer communities can uncover flaws faster, but attackers can also examine code for weaknesses and even easily leverage known reported open source vulnerabilities.
Read Post
mend

Mend.io Expands AI Native AppSec to Windsurf, CoPilot, Claude Code, and Amazon Q Developer

Oct 21, 2025 By Mend.io Team In Mend
Today, Mend.io is expanding its AppSec capabilities to secure the five most popular agentic IDEs — including Windsurf, CoPilot, Claude Code, Amazon Q Developer, and Cursor — ensuring that developers can move at AI speed without compromising security.
Read Post

Securing AI Applications in the Cloud: Shadow AI, RAG & Real Risks | Mend.io

Oct 16, 2025 By Mend In Mend
What does it take to secure AI-based applications in the cloud? In this episode, host Ashish Rajan sits down with Bar-el Tayouri, Head of Mend AI at Mend.io, to dive deep into the evolving world of AI security. From uncovering the hidden dangers of shadow AI to understanding the layers of an AI Bill of Materials (AIBOM), Bar-el breaks down the complexities of securing AI-driven systems. Learn about the risks of malicious models, the importance of red teaming, and how to balance innovation with security in a dynamic AI landscape. What is an AIBOM and why it matters The stages of AI adoption.
View Video
mend

Building Strong Container Security for Modern Applications

Oct 16, 2025 By Mend.io Team In Mend
Containers have transformed how modern applications are built and deployed. They’re lightweight, portable, and allow teams to move software from development to production faster than ever before. But as adoption has accelerated, so have security concerns. From vulnerable base images to exposed Kubernetes clusters, container security has become a top priority for AppSec and DevSecOps professionals.
Read Post

Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI | Mend.io

Oct 16, 2025 By Mend In Mend
Is AI making application security easier or harder? We spoke to Amit Chita, Field CTO at Mend.io, the rise of AI agents in the Software Development Lifecycle (SDLC) presents a unique opportunity for security teams to be stricter than ever before. As developers increasingly use AI agents and integrate LLMs into applications, the attack surface is evolving in ways traditional security can't handle. The only way forward is a Zero Trust approach to your own AI models. Join Ashish Rajan and Amit Chita as they discuss the new threats introduced by AI and how to build a resilient security program for this new era.
View Video
mend

Code Scanning in 2025: Why, How & the Role of Scanning in AI Security

Oct 15, 2025 By Mend.io Team In Mend
Code scanning is the process of automatically analyzing source code to identify potential security vulnerabilities, bugs, and other code quality issues. It’s a crucial part of secure application development, helping teams detect and fix problems early in the software development lifecycle. Code scanning tools mainly use static analysis methods (examining code without running it), in contrast to dynamic analysis tools which analyze applications while they are running.
Read Post

The AppSec Bottleneck: Why Fixing Can't Wait

Oct 13, 2025 By Mend In Mend
Vulnerability detection isn’t the main problem - remediation is. In today’s fast-paced development world, security teams are overwhelmed with alerts, while developers struggle to keep up with security tasks that feel disconnected from their workflow. The real risk? Vulnerabilities that sit unaddressed in a growing backlog. Join Daniel Wyrzykowski, Product Manager at Mend.io and Saoirse Hinksmon, Senior Product Marketing Manager at Mend.io as they explore.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.