Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your AI coding assistant is leaking secrets

AI desktop assistants and coding tools need credentials to reach external services, and many of them store those credentials as plaintext JSON at predictable paths in the user's home directory. This research covers how credential storage works across 14 popular AI tools, where OS keychain integration is present or missing, and eight attack scenarios that turn that exposure into real risk, from malware-based theft to remote session hijacking to supply-chain compromise via MCP servers.

How Third-Party Development Partners Become Your Biggest Security Liability

Third-party development partners offer real advantages: faster delivery, specialised expertise, and lower costs than building an in-house team. They also expand your attack surface in ways most organisations never fully account for. When an external team builds or modifies your systems, they bring with them their own tools, practices, access levels, and vulnerabilities. The question is not whether that creates risk. It is whether your organisation is managing it deliberately or leaving it to chance.

What Composable Apps Mean for the Web3 Ecosystem

Composable applications are becoming a defining feature of how Web3 ecosystems develop and scale. These apps are built to work together rather than operate in isolation, allowing developers to reuse existing components and users to benefit from interconnected functionality.

Codex API In DevSecOps: Balancing Developer Speed With Secure Code Review

AI-assisted coding is no longer a side experiment. It is becoming part of daily engineering workflows, from drafting functions and refactoring legacy code to generating tests and accelerating routine implementation work. That shift is why the Codex API now belongs in a broader DevSecOps conversation, not just a developer productivity discussion.

Secure Coding Techniques that Is Critical for Modern Applications

Let's be honest: software ships faster today than most security teams can comfortably keep up with. Microservices, sprawling APIs, cloud-native deployments, and AI-assisted code generation have accelerated development at an unprecedented pace. But buried within that speed are small, overlooked coding mistakes that quietly open the door to serious breaches.

Why a strategic MVP is needed for scalable software

Minimum Viable Product is the exact opposite of MVP in sports, the Most Valuable Player. One danger is to treat it as the latter by over-investing time and resources into it, missing the point that it's about validating the business idea and core value proposition. But, many also go too far the other way and under-bake the features, treat the core code as disposable, and end up later building the real product on top of a mistreated foundation with technical debt.

From Intent to Outcome: How Agentic Coding is Transforming the SOC

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo Security teams are being asked to move faster and handle more complexity, while the threats they defend against are increasingly AI-assisted. When I wrote about VoidLink in January, my point was simple: you cannot fight machine-speed threats with human-speed defense. Attackers are using AI to code, adapt, and scale attacks while humans are still grinding away doing the heavy lifting in the SOC.

Survive the AI Code Blizzard: Introducing Snippet Detection

In 2026, software development speed is an AI-solved problem. Yet, as AI-generated code volumes surge, organizations face a new kind of risk visibility gap. Developers are increasingly copying third-party snippets into their codebases—from both AI prompts and open-source software components—creating large security and compliance blind spots that lead to significant risks.