Pinecone, Weaviate, and Milvus Security Issues in JavaScript and TypeScript Applications
Vector databases such as Pinecone, Weaviate, and Milvus are critical components of AI applications. Their JavaScript and TypeScript clients allow developers to embed, query, and retrieve high-dimensional vectors. These integrations come with application security risks, particularly when vector stores are treated as trusted rather than adversarial environments.
LangChain, LangGraph, CrewAI: Security Issues in AI Agent Frameworks for JavaScript and TypeScript
Frameworks such as LangChain, LangGraph, and CrewAI are quickly entering enterprise JavaScript and TypeScript codebases. They enable developers to connect large language models (LLMs) to tools, APIs, and databases. This functionality introduces new attack surfaces. Application security teams must evaluate these frameworks as adversarial environments, not trusted middleware.
Vercel AI SDK, OpenAI SDK, and Anthropic SDK Security Issues in JavaScript and TypeScript
SDKs from Vercel, OpenAI, and Anthropic are widely used to embed AI functionality into JavaScript and TypeScript applications. They simplify model calls, but they also expand the attack surface. Application security issues range from credential exposure to unvalidated model outputs influencing downstream execution.
Security Risks Across the AI Application Stack: A Researcher’s Guide
This series will dissect the AI application stack layer by layer, analyzing real-world security issues in the packages, frameworks, and runtimes that developers rely on today.
Security Issues in Popular Full-Stack Frameworks (Next.js, React, Vue, Angular)
Next.js (Vercel), React, Vue, and Angular are the dominant full-stack frameworks in JavaScript and TypeScript. They speed up development but introduce recurring security weaknesses. For product security teams, these weaknesses have been exploited in production and must be addressed at the application level.
Vulnerability Alert: S1ngularity – Malicious Nx npm Packages
A malicious actor published tainted Nx releases to npm on August 26–27, 2025, inserting a postinstall payload that harvested secrets, stole GitHub/npm tokens, and exfiltrated them through new GitHub repositories created inside victim accounts. This is an active supply-chain attack with the potential to cascade from compromised developer endpoints into source control, CI/CD, and production.
License Compliance: A Legacy Problem, Reimagined with Runtime
License compliance is one of the oldest disciplines in application security. For more than two decades, organizations have relied on Software Composition Analysis (SCA) tools to identify copy-left licenses, produce audit trails, and reduce legal risk. Kodem’s new license enforcement capability represents the first real breakthrough in years.
Context Over CVSS: Why Medium, Low, CVEs Matter More Than You Think
In 2024, more than 33,000 CVEs were disclosed, an all‑time high, but only about 12% of those labeled “Critical” actually proved exploitable. Meanwhile, high‑profile exploit chains like Pegasus and Blastpass, and careless breaches like the Tea app hack, reveal that Medium‑ranked or poorly‑coded vulnerabilities, rather than CVSS labels, often lead to real attacker impact.
Circumventing Security in Claude Code: Misconfiguration and Denial-of-Service
Kodem recently identified two security issues in Claude Code: a misconfiguration allowing circumvention of user approval and a subsequent Denial-of-Service (DoS) condition.

Kodem just built the world’s only Dev to Prod Agentic Taskforce in Cyber
At RSAC 2025, we launched Kai, the first AI-native application security engineer. Today, we’re expanding it into a fully agentic task force that truly performs AppSec tasks from start to finish.
FedRAMP RFC-0012
The Federal Risk and Authorization Management Program (FedRAMP) recently released RFC-0012, marking a notable shift towards more stringent standards for continuous vulnerability management. Cloud providers and security teams must adjust quickly to stay compliant and secure (FedRAMP, 2024).
