AppSec stories

AI coding tools are speeding software delivery for Australian firms but overwhelming security teams and exposing unprecedented risks.

Okta launches Agent Discovery to uncover and rein in shadow AI agents, mapping risky app access and tightening identity-based controls.

Backslash raises USD $19m to secure emerging AI ‘vibe coding’ workflows as autonomous agents reshape how enterprise software is built.

CodeHunter extends its behavioural malware analysis into CI/CD pipelines, targeting risky software artefacts before they reach production.

Aerospike Database 8 now embeds default dynamic data masking, tightening PII protection while easing compliance and operational overhead.

DigiCert warns UltraDNS DDoS attacks spiked to record levels in December 2025, driven by massive Aisuru and Kimwolf botnets.

Tenable warns ‘LookOut’ flaws in Google Looker could hand attackers server control, expose secrets and enable cross-tenant cloud access.

Moltbook left a Supabase key exposed, leaking AI chats, 30,000 emails and 1.5 million API keys in a cautionary tale of vibe coding risk.

Qodo 2.0 launches multi-agent AI code review to boost trust in autogenerated code, claiming 11% better detection of critical issues.

Developers granting AI agents broad, unsupervised access to code and systems are creating new software supply chain and data exposure risks.

DryRun launches DeepScan Agent, an AI tool that scans whole codebases in hours to rank real-world security risks and speed remediation.

Tenable warns unpatched self-hosted Google Looker systems face remote takeover, data theft and cross-tenant cloud attack risks.

RapidFort secures USD $42m Series A to scale automated software supply chain security and continuous vulnerability remediation.

Security Journey launches AI-era developer manifesto and revamped platform to embed secure coding into everyday workflows and tooling.

A security lapse at AI agent service Moltbook exposes risky default database settings, raising fresh alarms over agentic system safeguards.

DigiCert warns Q4 internet traffic stayed high as DDoS and app-layer attacks grew longer and more intense, eroding traditional peak seasons.

Cybercriminals abused Hugging Face to host rapidly mutating TrustBastion Android malware stealing credentials across Asia-Pacific.

AI security fears and rapid release cycles are pushing firms to demand faster, deeper pentesting - and many are ready to ditch existing vendors.

HackerOne launches Agentic PTaaS, blending AI agents with human experts to deliver continuous, always-on penetration testing for enterprises.

AI-driven cloud adoption is forcing firms to swap static privacy checklists for continuous, real-time defence of sensitive data flows.