Source code stories

Leapwork unveils enterprise validation suite with new performance and AI testing tools as firms race to manage faster software releases.

Anthropic’s Claude Code is under scrutiny after researchers found deny rules can weaken in long workflows, raising fresh concerns for AI-driven development.

Avocado urges Australian firms to tighten repository security as the ACSC reissues a high alert on active supply chain attacks and secrets sprawl.

ExpressVPN expands beyond VPNs with encrypted AI chats, launching ExpressAI on confidential computing enclaves after an audit by cybersecurity firm Cure53.

Sysdig unveils runtime security for AI coding agents, promising real-time monitoring of autonomous dev tools to curb emerging risks.

SpecterOps broadens BloodHound Enterprise to map identity attack paths across Okta, GitHub and Jamf-managed Macs in hybrid environments.

AI-fuelled coding drives record 29 million hardcoded secrets on GitHub in 2025, with leaks from AI tools and services surging sharply.

Secure Code Warrior launches SCW Trust Agent: AI, giving security teams commit-level visibility and control over AI-influenced code.

Checkmarx overhauls its One platform with AI-native security agents to guard fast-moving, agentic development and AI software supply chains.

MIND launches Autonomous DLP Analyst to automate classification and investigation, cutting noisy alerts and easing data security workloads.

GitProtect DevOps backup lands on Microsoft Marketplace, giving Azure customers streamlined procurement and deployment for code protection.

Global cyber attacks hit 2,090 a week in January as ransomware surges and risky GenAI use exposes fresh data-leak and intrusion paths.

Tailscale launches Aperture in open alpha, adding an identity-based gateway to log, govern and standardise workplace AI and agent use.

AI is supercharging supply chain cyber attacks across Asia-Pacific, with Group-IB warning single hacks now threaten thousands of victims.

Armis launches AI-native Centrix platform to secure application code, aiming to cut false alarms and safeguard AI-assisted development.

DryRun launches DeepScan Agent, an AI tool that scans whole codebases in hours to rank real-world security risks and speed remediation.

HackerOne launches Agentic PTaaS, blending AI agents with human experts to deliver continuous, always-on penetration testing for enterprises.

Harmonic finds six genAI apps drive 92.6% of enterprise data exposure risk, with ChatGPT alone responsible for more than 70% of cases.

Keeper launches a zero-knowledge secrets manager extension for JetBrains IDEs, aiming to eliminate hardcoded credentials in codebases.

Generative AI tools drive a surge in workplace data breaches, with monthly policy violations more than doubling as shadow AI use persists.