Blog

At RSAC 2025, we launched Kai, the first AI-native application security engineer. Today, we’re expanding it into a fully agentic task force that truly performs AppSec tasks from start to finish. 

The Federal Risk and Authorization Management Program (FedRAMP) recently released RFC-0012, marking a notable shift towards more stringent standards for continuous vulnerability management. Cloud providers and security teams must adjust quickly to stay compliant and secure (FedRAMP, 2024).

CVE‑2025‑23266, nicknamed NVIDIAScape, is a pre‑execution flaw in the NVIDIA Container Toolkit.

Rapyd, a global fintech platform operating in over 100 countries, partnered with Kodem to modernize its application security program. Faced with mounting vulnerabilities and a shortage of specialized AppSec talent, Rapyd needed more than another scanner—it needed a platform that could think like an expert. Kodem delivered measurable reductions in triage time, rework, and risk exposure by focusing on what attackers can actually exploit.

CVE-2025-25257 is a critical vulnerability in Fortinet FortiWeb Fabric Connector. It allows unauthenticated SQL injection, which attackers escalate into remote code execution (RCE) on affected appliances.

CVE-2025-47812 is a critical vulnerability affecting Wing FTP Server versions prior to 7.4.4. This severe security flaw enables unauthenticated attackers to execute arbitrary code remotely (RCE) by exploiting inadequate validation of input containing null bytes (%00) in the authentication process

The Exploit Prediction Scoring System (EPSS) is a data-driven model that predicts the likelihood a given software vulnerability will be exploited in the wild.

Most security tools today, static analyzers, fuzzers, even single-agent LLMs, struggle to find complex, multi-step vulnerabilities. But the emerging model of multi-agent collaboration can fundamentally transform vulnerability discovery. Argusee’s recent results are just a glimpse of what's possible.

The Beginning of AI-Native Security Research

Application Detection and Response (ADR) technologies are essential for identifying and mitigating runtime attacks. Yet, many existing approaches struggle to detect nuanced, logic-based vulnerabilities effectively.

Understanding domestic and international regulatory landscapes is crucial to ensuring compliance and enhancing security postures. This blog post explores key software security mandates worldwide, including those from the United States, European Union, and Asia-Pacific, providing a comprehensive guide on navigating these complex regulations for a secure software development lifecycle.

By someone who used to review every PR, and now reviews AI-generated diffs. Software development is about to look very different.