Documents & Videos

This talk is a follow-on to our September 2025 research on denial-of-service and permission escape in Claude Code. We now examine how LLM-powered coding agents can be weaponized end-to-end, including paths to remote code execution. Using Claude Code as a primary case study, and extending to VS Code extension exploits and recent Cursor incidents, we show how agent autonomy, extension APIs, and execution boundaries collapse into a practical RCE surface.

Hear a lively discussion with de-FUD podcast hosts @Nancy Wang, Venture Partner, Felicis, and @Ashish Popli, RiskEyeQue as they chat with Aviv Mussinger about cloud security, the right way to shift left... and cake 😀

Hear the CEO of Kodem Security discuss the Kodem platform and our innovative approach to application security. Learn about Kodem's mission, vision and impact on the industry.

In this episode of "30 Minutes on: Vulnerability Management," host James Berthoty interviews Aviv Mussinger, CEO and Co-Founder of Kodem. Aviv shares his journey, highlighting how his deep-rooted interest in technology led to a career in application security that revolutionized the field.

AI in Security Workflows
‍
James Berthoty and Surag Patel, CEO of Pixee, discuss the role of AI in application security and the challenges of integrating AI into security solutions. Both emphasize the importance of understanding the problem before deciding to use AI and highlight the need for AI to be additive and specific in its application. The conversation also delves into the use of AI in baselining and the considerations for using AI in security workflows.

The Path to MLBOM

James Berthoty interviews Jacob Barkay, a product security architect at Edwards Life Sciences. They discuss the impact of large language models (LLMs) on product security, especially in regulated industries like healthcare. Jacob emphasizes the importance of ensuring the security of LLMs, transparency, and rigorous checks. He highlights the evolving nature of AI security standards and the need for data scientists to understand these risks.

Prompt Injections and Beyond
‍
In this conversation, James Berthoty talks with Elad Shulman, CEO and co-founder of Lasso Security. Elad emphasizes the importance of understanding and mitigating risks associated with GenAI, such as data leaks, manipulation of models, prompt injections and unknown threats. They also touch on how different teams within organizations approach AI security and the evolving use cases for AI in enterprises.

Hacking with AI
‍
Joseph Thacker, Principal AI Engineer at AppOmni, discusses how AI and LLMs can boost creativity in tasks like testing and bug bounties by offering a variety of solutions. To maximize AI's effectiveness, Joseph emphasizes the importance of providing it with extensive context, ensuring the AI tool has a clear understanding of what’s being evaluated. When applying AI to active web applications, he highlights the need for a decision-making core that can effectively process key elements such as the host, path, and other contextual information. This deeper understanding enables AI to make more accurate and informed assessments, enhancing its overall performance in cybersecurity tasks.