Blog

Insights from application security experts and industry leaders

Featured

Kodem just built the world’s only Dev to Prod Agentic Taskforce in Cyber

Jul 28, 2025

At RSAC 2025, we launched Kai, the first AI-native application security engineer. Today, we’re expanding it into a fully agentic task force that truly performs AppSec tasks from start to finish. 

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Kodem just built the world’s only Dev to Prod Agentic Taskforce in Cyber

At RSAC 2025, we launched Kai, the first AI-native application security engineer. Today, we’re expanding it into a fully agentic task force that truly performs AppSec tasks from start to finish. 

July 28, 2025
Application Security
Runtime Intelligence
Vulnerabilities

FedRAMP RFC-0012

The Federal Risk and Authorization Management Program (FedRAMP) recently released RFC-0012, marking a notable shift towards more stringent standards for continuous vulnerability management. Cloud providers and security teams must adjust quickly to stay compliant and secure (FedRAMP, 2024).

July 25, 2025
Compliance

Vulnerability Alert: CVE‑2025‑23266: NVIDIAScape: Three‑Line Container Escape in NVIDIA Container Toolkit

CVE‑2025‑23266, nicknamed NVIDIAScape, is a pre‑execution flaw in the NVIDIA Container Toolkit.

July 25, 2025
Vulnerabilities

How Rapyd Used Kodem to Shift from Volume to Impact

Rapyd, a global fintech platform operating in over 100 countries, partnered with Kodem to modernize its application security program. Faced with mounting vulnerabilities and a shortage of specialized AppSec talent, Rapyd needed more than another scanner—it needed a platform that could think like an expert. Kodem delivered measurable reductions in triage time, rework, and risk exposure by focusing on what attackers can actually exploit.

July 24, 2025
Kodem News

Vulnerability Alert: CVE-2025-25257: Pre-Auth SQL Injection to Full RCE in Fortinet FortiWeb Fabric Connector

CVE-2025-25257 is a critical vulnerability in Fortinet FortiWeb Fabric Connector. It allows unauthenticated SQL injection, which attackers escalate into remote code execution (RCE) on affected appliances.

July 21, 2025
Vulnerabilities

Vulnerability Alert: CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability (Null Byte Injection)

CVE-2025-47812 is a critical vulnerability affecting Wing FTP Server versions prior to 7.4.4. This severe security flaw enables unauthenticated attackers to execute arbitrary code remotely (RCE) by exploiting inadequate validation of input containing null bytes (%00) in the authentication process

July 12, 2025
Vulnerabilities

EPSS vs. Exploitability: Why Probability ≠ Risk in Your Environment

The Exploit Prediction Scoring System (EPSS) is a data-driven model that predicts the likelihood a given software vulnerability will be exploited in the wild.

July 1, 2025
Agentic Security

Multi-Agent Architectures: The Next Leap in Application Security

Most security tools today, static analyzers, fuzzers, even single-agent LLMs, struggle to find complex, multi-step vulnerabilities. But the emerging model of multi-agent collaboration can fundamentally transform vulnerability discovery. Argusee’s recent results are just a glimpse of what's possible.

June 11, 2025
Application Security
Runtime Intelligence
Vulnerabilities

When o3 found a Zero-Day

The Beginning of AI-Native Security Research

May 28, 2025
No items found.

Exploit Trigger Detection: A new frontier in Application Protection

Application Detection and Response (ADR) technologies are essential for identifying and mitigating runtime attacks. Yet, many existing approaches struggle to detect nuanced, logic-based vulnerabilities effectively.

May 27, 2025
Runtime Intelligence

Navigating 2025 Secure SDLC Regulations

Understanding domestic and international regulatory landscapes is crucial to ensuring compliance and enhancing security postures. This blog post explores key software security mandates worldwide, including those from the United States, European Union, and Asia-Pacific, providing a comprehensive guide on navigating these complex regulations for a secure software development lifecycle.

May 23, 2025
Compliance

So Our CTO Is Making Us Move to Cursor… Next Week…

By someone who used to review every PR, and now reviews AI-generated diffs. Software development is about to look very different.

May 15, 2025
Application Security