code analysis

Senior engineers are spending their week cleaning up AI-generated code

2026-06-15 at 07:00, by Anamarija Pogorelec. At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, and that review gives the code high marks. Leaders rate AI-generated […]


The security questions around Chinese AI coding models in U.S. software

2026-06-09 at 08:46, by Anamarija Pogorelec. Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according


What Mozilla learned running an AI security bug hunting pipeline on Firefox

2026-05-08 at 01:14, by Mirko Zorz. Over the past several months, Mozilla ran an agentic harness powered by Claude Mythos Preview across Firefox’s source code, identifying 271 security bugs that were fixed in Firefox 150, with additional fixes shipped in versions 149.0.2 and


Can your coding style predict whether your code is vulnerable?

2026-05-05 at 13:21, by Sinisa Markovic. Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years


Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching

2026-05-04 at 13:11, by Anamarija Pogorelec. Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues


AI SOC vendors are selling a future that production deployments haven’t reached yet

2026-03-26 at 12:32, by Mirko Zorz. Vendors selling AI-powered security operations platforms have built their pitches around a consistent set of promises: autonomous threat investigation, dramatic reductions in analyst workload, and an accelerating path toward humanless operations. Practitioners buying and deploying those


Anthropic cuts action approval loop, lets Claude Code make the call

2026-03-25 at 11:06, by Sinisa Markovic. Auto mode is a new permissions feature in the Claude Code system that allows the AI to make approval decisions on a user’s behalf while safeguards review actions before execution. The feature is available on Team plans and


Bandit: Open-source tool designed to find security issues in Python code

2026-01-21 at 08:04, by Sinisa Markovic. Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way to spot risky coding patterns early in the


BlueCodeAgent helps developers secure AI-generated code

2025-11-20 at 08:05, by Sinisa Markovic. When AI models generate code, they deliver power and risk at the same time for security teams. That tension is at the heart of the new tool called BlueCodeAgent, designed to help developers and security engineers defend against code-generation threats. Why code generation


Metis: Open-source, AI-driven tool for deep security code review

2025-11-19 at 08:06, by Anamarija Pogorelec. Metis is an open source tool that uses AI to help engineers run deep security reviews on code. Arm’s product security team built Metis to spot subtle flaws that are often buried in large or aging codebases where traditional tools


Checkov: Open-source static code analysis tool

2025-10-02 at 09:18, by Sinisa Markovic. Checkov is an open-source tool designed to help teams secure their cloud infrastructure and code. At its core, it’s a static code analysis tool for infrastructure as code (IaC), but it also goes a step further by providing software composition analysis (SCA) for


A look inside 1,000 cyber range events and what they reveal about AppSec

2025-09-24 at 07:45, by Anamarija Pogorelec. Software powers almost every part of business, which means attackers have more chances than ever to exploit insecure code. A new report from CMD+CTRL Security looks at how teams are building their defenses through cyber range


RIFT: New open-source tool from Microsoft helps analyze Rust malware

2025-06-30 at 13:01, by Mirko Zorz. Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming more popular for its speed and memory safety, those same qualities make malware


Vulnerabilities found in NASA’s open source software

2025-05-27 at 15:48, by Zeljka Zorz. Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec credentials include founding and leading DefenseCode, is no


PRevent: Open-source tool to detect malicious code in pull requests

2025-02-20 at 16:52, by Zeljka Zorz. Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static


Detecting vulnerable code in software dependencies is more complex than it seems

2024-09-18 at 07:31, by Mirko Zorz. In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional software composition analysis (SCA) solutions


MobSF: Open-source security research platform for mobile apps

2024-03-14 at 07:30, by Mirko Zorz. The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept


RiskInDroid: Open-source risk analysis of Android apps

2024-03-06 at 07:30, by Mirko Zorz. RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s


What does optimal software security analysis look like?

2023-08-31 at 07:01, by Mirko Zorz. In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis and emphasizes the need

