Ransomware attacks typically don't care about memory safety and dependency scanning; they often target old, unpatched vulns, and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it m...
Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. W...
A Fortune report highlights that foreign investors now hold roughly 30% of U.S. AI stocks, signaling that "America has become one big bet on AI," according to Biometric Update.
CyberScoop reports that OpenAI's latest threat report reveals that state-backed hackers and cybercriminals are increasingly using large language models to enhance existing attack methods rather than invent new ones.
BleepingComputer reports that Google has opted to leave a newly discovered ASCII smuggling attack in its Gemini artificial intelligence chatbot unfixed, noting that the issue could only be abused in social engineering intrusions.
Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determine how well LLMs can find flaws. Nico Waisman talks about XBOW's LLM-based pentesting, how it climbed a bug bounty leaderboard, how it uses feedback loops for better pentests, and how they handle (and...