3 stories

Application Security

Continuous PR Security Review

The security findings that end up in incident post-mortems rarely looked dangerous in the PR that introduced them. Not because anyone was careless but because there's nothing in the change that looks wrong. The code does exactly what it says but the problem is in how the app behaves once it's running. A new endpoint ships without a permission check but every other route in the file handles permissions correctly, so nothing about it stands out. Or a response comes back carrying more of a user's

The Trust Gap Behind the AI Coding Boom: What 200 Security Practitioners Just Told Us

New research from ProjectDiscovery surfaces an uncomfortable truth: Engineering has accelerated, and Security has been left to absorb the impact, mostly by hand. If you work in application security right now, you already know the shape of the problem. Pull requests are landing faster than they used to. The diffs are bigger. The author on the commit is increasingly your engineering team's AI assistant, not the engineer themselves. And somewhere downstream, you and a small team are expected to ke

New Report: State of AppSec 2026 | Security at Engineering Speed

In 2026, most organizations aren’t shipping “applications” so much as they’re shipping continuous change; across APIs and services, infrastructure and configuration, identity and permissions, feature flags, and AI-assisted code.