Microsoft’s open source tools were hacked to steal passwords of AI developers

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the ...
PCMag

Gemini 3.5 Flash Is the Fastest AI Coding Model I've Used...and Extremely Error-Prone

Gemini 3.5 Flash is shockingly fast at generating code and spinning up agents, but that speed comes at a cost: sloppy ...
WealthManagement.com

Vanguard Launches AI Tool for Portfolio Analysis

Vanguard has introduced Expert Insights, an AI-enabled portfolio analysis tool designed to help financial advisors deliver personalized investment guidance at scale. The generative AI-powered tool, ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As ...
VentureBeat

Anthropic and OpenAI just exposed SAST's structural blind spot with free tools

OpenAI launched Codex Security on March 6, entering the application security market that Anthropic had disrupted 14 days earlier with Claude Code Security. Both scanners use LLM reasoning instead of ...
csis.org

AI-Driven Code Analysis: What Claude Code Security Can—and Can’t—Do

Q1: How does Claude Code Security function—and how does it differ from traditional static application security testing (SAST)? A1: Conventional rule-based static analysis uses pattern matching, ...
Forbes

From 'Shift Left' To 'Shift Smart': Why AI Agents Will Replace Static Analysis

Over the years, "shift left," a development practice that shifts testing, QA and security initiatives "left" on the timeline, has become the cornerstone of DevSecOps. I've watched it become the ...
cybermagazine

Will Anthropic's Claude Code Security Replace Cyber Tools?

Anthropic launched Claude Code Security to hand defenders an AI powered vulnerability scan and patch tool, which left cybersecurity stocks crumbling The team at Anthropic has decisively stepped into ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
sei.cmu

Automated Code Repair for C/C++ Static Analysis

Details the application of design, development, and performance testing to an automated program repair tool we built that repairs C/C++ code. Static analysis (SA) tools produce many diagnostic alerts ...
InfoWorld

Microsoft C++ static analysis tool bolsters warning suppressions

The Microsoft C++ Code Analysis tool has been updated to provide better tracking, justification, and overall management of warning suppressions. These improvements lead to a more maintainable and ...
Scientific Research Publishing

Benjamin Livshits, V. and Lam, M.S. (2005) Finding Security Vulnerabilities in Java Applications with Static Analysis. USENIX Security Symposium, 14, 18.

ABSTRACT: Security vulnerabilities are a widespread and costly aspect of software engineering. Although tools exist to detect these vulnerabilities, non-machine learning techniques are often rigid and ...