Veracode

Computer and Network Security

Burlington, Massachusetts 82,900 followers

Transforming application risk management for the AI era.

About us

Veracode is a global leader in Application Risk Management for the AI era. Powered by trillions of lines of code scans and a proprietary AI-assisted remediation engine, the Veracode platform offers adaptive software security and is trusted by organizations worldwide to build and maintain secure software from code creation to cloud deployment. Thousands of the world’s leading development and security teams use Veracode every second of every day to get accurate, actionable visibility of exploitable risk, achieve real-time vulnerability remediation, and reduce their security debt at scale. Veracode is a multi-award-winning company offering capabilities to secure the entire software development life cycle, including Veracode Fix, Static Analysis, Dynamic Analysis, Software Composition Analysis, Container Security, Application Security Posture Management, Malicious Package Detection, and Penetration Testing.

Website
https://veracode.com
Industry
Computer and Network Security
Company size
501-1,000 employees
Headquarters
Burlington, Massachusetts
Type
Privately Held
Founded
2006
Specialties
Application Security, Web Application Security, Binary Static Analysis, Vendor Application Security Testing, Runtime Application Self Protection, Software Composition Analysis, Dynamic Analysis, Application Security Programs, and DevSecOps

Locations

  • Primary

    65 Blue Sky Dr

    3rd Floor

    Burlington, Massachusetts 01803, US

Updates

  • Anthropic's Mythos announcement reveals AI is transforming software faster than security teams can adapt. The organizations that win won’t be the ones that simply find more flaws. They’ll be the ones that can prove their software can be trusted. We're in a new era where AI accelerates both software creation AND exploitation at machine speed. The old question, “did we scan it?” no longer holds up. Software is changing constantly, built from expanding third party components, and increasingly influenced by AI. At the same time, exploit windows are shrinking fast. The real question now is simple: can you trust your software? This shift changes the economics of software risk and exposes the limits of legacy models built for slower systems. Discover more from our CEO Brian Roche on what organizations who win in this new era will be doing in our new blog. 🔗 https://lnkd.in/eey-8eV2

  • AI is accelerating cybersecurity in ways most organizations aren’t prepared for. In this piece from SecurityBrief UK, Anthropic’s Project Glasswing brings together a coalition of major technology and security players to explore how frontier AI models can identify vulnerabilities at scale and connect them into more complex attack paths. As Veracode's Julian Totzek-Hallhuber points out, the pace is what stands out. These systems are uncovering issues that have gone unnoticed for years, while organizations still take more than five months on average to remediate vulnerabilities. At the same time, access to these capabilities remains limited. And while discovery is accelerating, the fundamentals of application security have not changed. Teams still need the governance, processes, and expertise to reduce risk over time. Worth a read as the industry starts to grapple with what this new pace of security really means. https://lnkd.in/e5jEhkku

  • Malicious URLs in software packages surged by 179% in the final quarter of the last fiscal year. Attackers are escalating their efforts to compromise high-trust dependencies. In our Spring 2026 Threat Research Review, we analyzed the latest software supply chain trends to help you stay ahead of the next wave of sophisticated attacks. Swipe to see important trends revealed in the data. Standard reactive security is no longer sufficient. Securing your software supply chain requires a proactive, defense-ready approach to protect your developers, users, and business operations. Read the full Spring 2026 Threat Research Review for comprehensive data and actionable insights to secure your software development lifecycle. 🔗 https://lnkd.in/esNybuRm

  • AI is accelerating software development, but it is also introducing new supply chain risks at scale. You cannot secure modern software with outdated methods. Time is running out to register for our exclusive live demonstration on April 16 at 11:00 AM ET: Defending the Modern Supply Chain: A Live Demo. We are bypassing the theoretical presentations to give you actionable insights. You will watch a real-world application vulnerability exploited and see the exact steps required to implement a secure, lasting fix in real time. In this interactive session, you will learn how to: 🔷 Block threats proactively using an advanced package firewall to filter malicious dependencies before they enter your CI/CD pipeline. 🔷 Find and fix open-source vulnerabilities fast using modern Software Composition Analysis (SCA) and unified risk management. 🔷 Enhance team efficiency with AI-driven solutions that automate remediation and drastically reduce false positives. You do not have to choose between speed and security. Equip your team with the data and modern tools needed to deliver high-quality, secure software from the start—without slowing down developer workflows. Register now to claim your spot before it is too late: https://lnkd.in/eUeYms95 #SupplyChainSecurity #DevSecOps #AppSec

  • Veracode reposted this

    NODE

    8,924 followers

    Behind every secure application is a developer navigating growing pressure, fragmented tools and constant interruptions. Timothy Jarrett, VP at Veracode, explores how inefficient security workflows are quietly driving burnout across development teams. From tool sprawl to alert fatigue, the hidden costs are stacking up and impacting both productivity and security outcomes. Read the full article only at NODE: https://lnkd.in/eHmgWEK7 #CyberSecurity #DevOps #DeveloperExperience #AI #SoftwareDevelopment #Leadership #Automation

  • Open source risk is everywhere in modern applications. Fixing it quickly is what matters. With Veracode Fix for SCA, developers can remediate vulnerable libraries directly in their workflow. From a pull request, Fix identifies affected dependencies, generates upgrades, and creates a ready-to-review pull request with clear explanations of what changed and why. No ticket hopping. No manual triage. Just faster, automated remediation built into the development process. The result: less time spent chasing vulnerabilities, more time focused on building. Watch the demo from the #RSAC2026 show floor.

  • Compliance doesn't have to be a roadblock. Navigating the web of global regulations—GDPR, HIPAA, CCPA, DORA—often feels like a full-time job that pulls focus away from innovation. But what if you could transform these complex requirements into seamless, automated workflows? Our new infographic visualizes how a unified, compliance-first AppSec posture streamlines your entire security operation. By moving away from fragmented tools, you can turn compliance from a reactive burden into a strategic advantage. See how a unified platform delivers: ✅ Global Compliance Mastery: Verify strict adherence to major mandates through unified testing and reporting. ✅ Automated DORA Resilience: Ensure robust, audit-ready operational resilience without the manual scramble. ✅ Supply Chain Governance: Automatically block malicious components and generate real-time, verifiable SBOMs. Stop chasing audits and start embedding security into every phase of development. 👉 View the infographic: https://lnkd.in/eJy8TCky #AppSec #Compliance #DevSecOps #DORA #GDPR

  • For anyone navigating the intersection of AI and security, this new blog by Chris Wysopal reflecting on RSAC Conference 2026 is a must-read. Chris dives into the real conversations happening beyond the buzzwords: how GenAI is accelerating the exposure of long-standing risks, the rise of 'vibe coding,' and the looming 'vulnpocalypse' as LLMs uncover years of hidden vulnerabilities. His key takeaway? The fundamentals still matter. AI isn't replacing disciplined engineering practices; it's revealing where they're missing. Check out his full insights here: https://lnkd.in/dvup97Pd #RSAC2026

  • The “Vulnpocalypse” is here. AI is accelerating how vulnerabilities are discovered. Agentic tools are identifying logic and authorization flaws at a speed previously impossible. At the same time, most organizations are carrying significant security debt: Veracode data shows the average time to fix a flaw is around 260 days. As AI-driven discovery scales across both defenders and attackers, the volume of identified vulnerabilities will continue to increase. Without faster remediation, that gap will grow. The focus for AppSec teams is clear: improve remediation speed, adopt automation, and integrate fixing into the development lifecycle. As AI contributes more to code creation, it also needs to play a role in fixing it. Learn more with this video from Veracode's Chris Wysopal.

  • As AI reshapes software development, teams are under more pressure than ever to move fast while staying aligned with security and compliance requirements. Join Veracode’s Cody Bertram, along with Jay Ryan from Security Compass and experts from Carahsoft, for a practical discussion on how to maintain visibility, control, and trust across the development pipeline without slowing innovation. We’ll cover actionable strategies for building a resilient DevSecOps program, improving alignment across teams, and keeping pace with modern delivery demands in an AI-driven environment. Register here: https://lnkd.in/evkUSf_s #DevSecOps #AppSec #AI #Compliance #SoftwareSecurity
