Generative AI

Scanner Results Are a Starting Point. Here’s What Comes Next. – Federico Kirschbaum – ASW #386

June 9, 2026

Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually exploitable in production. This conversation explores why automated testin...

Futuristic Digital Padlock and Cyber Security Concept with Binary Data Streams

AI/ML

IBM, Red Hat launch Project Lightwell to secure open-source software

Steve ZurierMay 28, 2026

IBM and Red Hat launch $5 billion effort to secure open-source software supply chains.

AI/ML

Cisco study finds major frontier models susceptible to multi-turn prompt injection attacks

Laura FrenchMay 28, 2026

Single-turn attack success rates are not a reliable benchmark for model safety, Cisco concludes.

AI agent data tools and workflow automation concept with businessman typing on laptop and interacting with digital process interface for artificial intelligence development, integration, productivity

Application security

OWASP launches FinBot to help developers secure AI agents

OWASP GenAI Security Project Team May 28, 2026

OWASP’s FinBot gives developers hands-on training to secure AI agents.

Application security

AppSec Conversations on Agents, LLMs, and OWASP from RSAC – Scott Clinton, Janet Worthington, Merritt Maxim – ASW #384

May 26, 2026

We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project’s latest research, including new landscape guides and evolving approaches to securing generative and agentic AI systems. The conversation explores critical gaps in GenAI ...

Application security

The State of AI & AppSec – Keith Hoodlet – ASW #383

May 19, 2026

This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the problems of misalignment, the potential development doom that looms behi...

AI/ML

Google reports first known AI-assisted zero-day exploit in the wild

Laura FrenchMay 12, 2026

Attackers used AI to create an exploit script for a 2FA bypass flaw in an open-source project.

AI/ML

Vibe coding has cybersecurity asking what AI can — and can’t — replace

Laura FrenchMay 11, 2026

Cyber pros balance hype, skepticism and uncertainty as AI coding disrupts industry norms.

Generative AI

Scanner Results Are a Starting Point. Here’s What Comes Next. – Federico Kirschbaum – ASW #386

IBM, Red Hat launch Project Lightwell to secure open-source software

Cisco study finds major frontier models susceptible to multi-turn prompt injection attacks

OWASP launches FinBot to help developers secure AI agents

AppSec Conversations on Agents, LLMs, and OWASP from RSAC – Scott Clinton, Janet Worthington, Merritt Maxim – ASW #384

The State of AI & AppSec – Keith Hoodlet – ASW #383

Google reports first known AI-assisted zero-day exploit in the wild

Vibe coding has cybersecurity asking what AI can — and can’t — replace

Fast Five

Selected by the SC Media Editorial team every Tuesday.