#code-security — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #code-security, aggregated by home.social.
-
We post-trained a model that pen tests instead of refusing your code
#HackerNews #penTesting #AI #model #codeSecurity #machineLearning #ArgusRed
-
We post-trained a model that pen tests instead of refusing your code
#HackerNews #penTesting #AI #model #codeSecurity #machineLearning #ArgusRed
-
🔥BREAKING NEWS: #Python lovers are *still* trying to make their code run safely—now with a sprinkle of #MicroPython and #WebAssembly magic. 🤦♂️ Simon's alpha package will apparently revolutionize the wheel for anyone who thinks running code securely was ever the problem. 🚀 Spoiler: it wasn't.
https://simonwillison.net/2026/Jun/6/micropython-in-a-sandbox/ #codeSecurity #innovation #HackerNews #ngated -
🔥BREAKING NEWS: #Python lovers are *still* trying to make their code run safely—now with a sprinkle of #MicroPython and #WebAssembly magic. 🤦♂️ Simon's alpha package will apparently revolutionize the wheel for anyone who thinks running code securely was ever the problem. 🚀 Spoiler: it wasn't.
https://simonwillison.net/2026/Jun/6/micropython-in-a-sandbox/ #codeSecurity #innovation #HackerNews #ngated -
Anthropic Unveils Claude Security for AI-Powered Vulnerability Scanning
Boost your organization's security with Claude Security, now in public beta, which scans codebases to detect and fix software vulnerabilities with just a few clicks. Say goodbye to tedious API integrations and custom agent builds - simply access the feature from the Claude.ai sidebar and start…
#AipoweredVulnerabilityScanning #ClaudeSecurity #VulnerabilityManagement #CodeSecurity #EmergingThreats
-
How Anthropic’s Model Context Protocol Allows for Easy Remote Execution
-
How Anthropic’s Model Context Protocol Allows for Easy Remote Execution
-
Firms Scramble to Secure AI-Generated Code
As AI-generated code becomes more prevalent, a pressing question emerges: how much attention should security teams give to code produced by artificial intelligence? The surprising answer: a lot, with 58% of organizations dedicating over 10 hours a month to securing it.
#AigeneratedCode #CodeSecurity #ArtificialIntelligence #EmergingThreats #SecureCoding
-
GitHub Bolsters Secret Scanning, Enhancing API and Workflow Integrations
GitHub improved secret scanning. Developers can now use new API filters and get more details in workflows to manage leaked secrets better. This helps teams fix security issues faster.
#GitHubSecurity, #SecretScanning, #APIIntegration, #DevOps, #CodeSecurity
https://newsletter.tf/github-secret-scanning-api-filters-workflow-help/
-
GitHub's secret scanning tools now offer more control. Developers can use new API filters and get detailed alerts, making it easier to find and fix leaked secrets in code.
#GitHubSecurity, #SecretScanning, #APIIntegration, #DevOps, #CodeSecurity
https://newsletter.tf/github-secret-scanning-api-filters-workflow-help/ -
Cursor's $29.3B code editor marketed Composer 2 as an "in-house" model. A developer found the actual model ID within 24 hours: it was Kimi K2.5, built by Beijing's Moonshot AI. This marks the second undisclosed use of Chinese models in four months, raising questions about transparency when users route proprietary code through these systems.
#AITransparency #CodeSecurity #TechAccountability
https://www.implicator.ai/opinion-cursor-called-it-in-house-it-was-built-in-beijing/
-
Anthropic launches AI security tool that can find software bugs humans miss | Fortune https://fortune.com/2026/02/20/exclusive-anthropic-rolls-out-ai-tool-that-can-hunt-software-bugs-on-its-own-including-the-most-dangerous-ones-humans-miss/ #cybersecurity #Anthropic #codesecurity #ClaudeCodeSecurity #codereview
-
👾 Behold, the breathtaking breakthrough of rendering #graphics at the speed of a caffeinated snail using the legendary micro-teeny-tinygrad! 🎨✨ Apparently, #GitHub has decided we need yet another #AI tool to clutter our already overflowing virtual garages. Who knew code security could be so... miniscule? 🔍🔒
https://github.com/quantbagel/gtinygrad #Tools #MicroTinygrad #CodeSecurity #HackerNews #ngated -
👾 Behold, the breathtaking breakthrough of rendering #graphics at the speed of a caffeinated snail using the legendary micro-teeny-tinygrad! 🎨✨ Apparently, #GitHub has decided we need yet another #AI tool to clutter our already overflowing virtual garages. Who knew code security could be so... miniscule? 🔍🔒
https://github.com/quantbagel/gtinygrad #Tools #MicroTinygrad #CodeSecurity #HackerNews #ngated -
🎉 Ah, the KIM-1 turns 50, and what better way to celebrate than a GitHub demo no one asked for, buried under a pile of buzzword salad? 🤖 Just remember, folks: nothing screams "party" like platform #AI and code security lingo. 🎂
https://github.com/netzherpes/KIM1-Demo #KIM1 #50thAnniversary #GitHubDemo #BuzzwordSalad #CodeSecurity #HackerNews #ngated -
🎉 Ah, the KIM-1 turns 50, and what better way to celebrate than a GitHub demo no one asked for, buried under a pile of buzzword salad? 🤖 Just remember, folks: nothing screams "party" like platform #AI and code security lingo. 🎂
https://github.com/netzherpes/KIM1-Demo #KIM1 #50thAnniversary #GitHubDemo #BuzzwordSalad #CodeSecurity #HackerNews #ngated -
“Noise reduction alone isn’t the goal; accuracy on real risks is.”
— James Wickett, CEO & Co-founder, DryRun SecurityWhy application security needs context at code review - and why intent matters more than alert volume.
-
“Noise reduction alone isn’t the goal; accuracy on real risks is.”
— James Wickett, CEO & Co-founder, DryRun SecurityWhy application security needs context at code review - and why intent matters more than alert volume.
-
AI models often miss IaC security flaws—not because they lack power, but because they lack focus.
This benchmark shows how accuracy improves when AI gets clear context, tight scope, and an understanding of why a fix works.
It’s the difference between a quick patch and real remediation.
At AppSec Village, we appreciate sponsors like Symbiotic AI, who push for true precision in AI-powered security.
Read the full article →
https://www.symbioticsec.ai/blog/cracking-code-insights-ai-powered-code-security-remediation?utm_source=apv&utm_medium=technical&utm_campaign=apv&utm_id=apv -
AI models often miss IaC security flaws—not because they lack power, but because they lack focus.
This benchmark shows how accuracy improves when AI gets clear context, tight scope, and an understanding of why a fix works.
It’s the difference between a quick patch and real remediation.
At AppSec Village, we appreciate sponsors like Symbiotic AI, who push for true precision in AI-powered security.
Read the full article →
https://www.symbioticsec.ai/blog/cracking-code-insights-ai-powered-code-security-remediation?utm_source=apv&utm_medium=technical&utm_campaign=apv&utm_id=apv -
Developer-first security isn’t buzzwords or “shift left.”
It’s giving developers context, clarity, and tools that reduce cognitive load—not add more alerts or friction.
This article breaks down why most approaches fall short, and what real developer-first security looks like in practice.
At AppSec Village, we’re here for sponsors like Symbiotic Security who actually support how developers work.
-
Developer-first security isn’t buzzwords or “shift left.”
It’s giving developers context, clarity, and tools that reduce cognitive load—not add more alerts or friction.
This article breaks down why most approaches fall short, and what real developer-first security looks like in practice.
At AppSec Village, we’re here for sponsors like Symbiotic Security who actually support how developers work.
-
🚨 OH NO! React Server Components can't catch a break! 🎉 Just when you thought it was safe to deploy... surprise! More vulnerabilities! 😱 But hey, at least they're not letting hackers run wild with RCE, just crash your server and peek at your code. 🤦♂️ So much for smooth sailing, React team!
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components #ReactServerComponents #vulnerabilities #ServerCrash #CodeSecurity #HackerNews #HackerNews #ngated -
🚨 OH NO! React Server Components can't catch a break! 🎉 Just when you thought it was safe to deploy... surprise! More vulnerabilities! 😱 But hey, at least they're not letting hackers run wild with RCE, just crash your server and peek at your code. 🤦♂️ So much for smooth sailing, React team!
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components #ReactServerComponents #vulnerabilities #ServerCrash #CodeSecurity #HackerNews #HackerNews #ngated -
Contagious Interview attackers go ‘full stack’ to fool developers https://www.csoonline.com/article/4098699/contagious-interview-attackers-go-full-stack-to-fool-developers.html #SoftwareDevelopment #SecurityPractices #CodeSecurity #Security
-
Contagious Interview attackers go ‘full stack’ to fool developers https://www.csoonline.com/article/4098699/contagious-interview-attackers-go-full-stack-to-fool-developers.html #SoftwareDevelopment #SecurityPractices #CodeSecurity #Security
-
"AI-driven security and spec-first IDEs are revolutionizing software development. Tools like Defender for Cloud and GitHub Advanced Security offer runtime insights, while spec-first tools like Kiro and Spec Kit embed security into code from the start. Faster remediation, better security, and a shift from code-first to intent-first development. #AIInnovation #DevSecOps #SpecFirst #CodeSecurity #SoftwareEngineering"
-
"AI-driven security and spec-first IDEs are revolutionizing software development. Tools like Defender for Cloud and GitHub Advanced Security offer runtime insights, while spec-first tools like Kiro and Spec Kit embed security into code from the start. Faster remediation, better security, and a shift from code-first to intent-first development. #AIInnovation #DevSecOps #SpecFirst #CodeSecurity #SoftwareEngineering"
-
Code Formatting Tools Share Secrets by the Thousands: Researchers https://thecyberexpress.com/code-formatting-tools-share-secrets/ #TheCyberExpressNews #leakedcredentials #TheCyberExpress #FirewallDaily #codesecurity #CyberNews #Dataleak
-
Code Formatting Tools Share Secrets by the Thousands: Researchers https://thecyberexpress.com/code-formatting-tools-share-secrets/ #TheCyberExpressNews #leakedcredentials #TheCyberExpress #FirewallDaily #codesecurity #CyberNews #Dataleak
-
OpenAI Aardvark: The AI Security Tool for Developers Are you ready for AI-powered security?
https://eproductempire.blogspot.com/2025/11/openai-aardvark-gpt-5-security-tool.html #OpenAI #Aardvark #GPT5 #AISecurity #CyberSecurity #DeveloperTools #CodeSecurity #DevSecOps #TechNews #AI -
OpenAI has launched Aardvark, an autonomous “agentic security researcher” powered by GPT-5.
It scans codebases for vulnerabilities, validates exploitability in sandboxed environments, and auto-generates potential patches.
Early reports show 10+ CVEs identified in open-source projects.
What’s your view - is AI-driven vulnerability research the future of cybersecurity or another layer of risk?
#CyberSecurity #OpenAI #GPT5 #Aardvark #Infosec #AI #DevSecOps #VulnerabilityManagement #MachineLearning #CodeSecurity #TechNews
-
OpenAI has launched Aardvark, an autonomous “agentic security researcher” powered by GPT-5.
It scans codebases for vulnerabilities, validates exploitability in sandboxed environments, and auto-generates potential patches.
Early reports show 10+ CVEs identified in open-source projects.
What’s your view - is AI-driven vulnerability research the future of cybersecurity or another layer of risk?
#CyberSecurity #OpenAI #GPT5 #Aardvark #Infosec #AI #DevSecOps #VulnerabilityManagement #MachineLearning #CodeSecurity #TechNews
-
What does “developer-first security” really look like?
This article from Symbiotic Security unpacks why more alerts ≠ better security.At AppSec Village, we believe these convos are key to bridging security + devs.
-
What does “developer-first security” really look like?
This article from Symbiotic Security unpacks why more alerts ≠ better security.At AppSec Village, we believe these convos are key to bridging security + devs.
-
via @dotnet : .NET and .NET Framework October 2025 servicing releases updates
https://ift.tt/8fz4RwU
#DotNet #DotNetFramework #October2025 #SecurityUpdates #CVE #SoftwareDevelopment #Programming #ReleaseNotes #TechUpdates #DevCommunity #CodeSecurity #SoftwareEng… -
via @dotnet : .NET and .NET Framework October 2025 servicing releases updates
https://ift.tt/8fz4RwU
#DotNet #DotNetFramework #October2025 #SecurityUpdates #CVE #SoftwareDevelopment #Programming #ReleaseNotes #TechUpdates #DevCommunity #CodeSecurity #SoftwareEng… -
El lado del mal - CodeMender: Un Agente IA para buscar bugs y parchear código fuente https://www.elladodelmal.com/2025/10/codemender-un-agente-ia-para-buscar.html #AgenticAI #Ciberseguridad #IA #AI #BugBounty #Bug #Gemini #InteligenciaArtificial #OpenSource #Hardening #CodeSecurity
-
El lado del mal - CodeMender: Un Agente IA para buscar bugs y parchear código fuente https://www.elladodelmal.com/2025/10/codemender-un-agente-ia-para-buscar.html #AgenticAI #Ciberseguridad #IA #AI #BugBounty #Bug #Gemini #InteligenciaArtificial #OpenSource #Hardening #CodeSecurity
-
😱 Breaking news: Someone discovered a #webshell and a normal file share an MD5 hash! 🚨 Stop the presses, this changes everything! Meanwhile, #GitHub is busy deploying #AI to write better code while nobody noticed the hash collision between a sandwich and a rock. 🍔🗿
https://github.com/phith0n/collision-webshell #BreakingNews #HashCollision #CodeSecurity #HackerNews #ngated -
😱 Breaking news: Someone discovered a #webshell and a normal file share an MD5 hash! 🚨 Stop the presses, this changes everything! Meanwhile, #GitHub is busy deploying #AI to write better code while nobody noticed the hash collision between a sandwich and a rock. 🍔🗿
https://github.com/phith0n/collision-webshell #BreakingNews #HashCollision #CodeSecurity #HackerNews #ngated -
If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling. #AICoding #SecureDevelopment #CodeSecurity #SoftwareDevelopment
https://jpmellojr.blogspot.com/2025/09/how-ai-coding-tools-can-learn-to.html -
🚨 OMG! Someone published evil Nx versions! 😱 Quick, panic and run to GitHub's 'sparkly' AI tools that promise to fix everything with a single click! 🤖✨ Because, of course, code security is just one magical AI away from being solved. 🙄
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c #evilNxVersions #GitHub #AITools #codeSecurity #panicMode #techHumor #HackerNews #ngated -
🚨 OMG! Someone published evil Nx versions! 😱 Quick, panic and run to GitHub's 'sparkly' AI tools that promise to fix everything with a single click! 🤖✨ Because, of course, code security is just one magical AI away from being solved. 🙄
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c #evilNxVersions #GitHub #AITools #codeSecurity #panicMode #techHumor #HackerNews #ngated -
AI coding tools are a security hazard. Replit's AI destroyed data; Amazon's Q was weaponized. Risks include vulnerabilities, blind trust, and skill erosion. Urgent need for guardrails & oversight. #AIrisks #CodeSecurity #TechEthics #SoftwareDevelopment
-
AI coding tools are a security hazard. Replit's AI destroyed data; Amazon's Q was weaponized. Risks include vulnerabilities, blind trust, and skill erosion. Urgent need for guardrails & oversight. #AIrisks #CodeSecurity #TechEthics #SoftwareDevelopment
-
This article shows how well model inversion reconstructs code and shares vulnerable examples from ChatGPT, CodeGen, and GitHub Copilot. https://hackernoon.com/model-inversion-efficacy-and-qualitative-vulnerability-examples-from-llms #codesecurity
-
This article details code deduplication, prompt transfer, dataset creation, benchmarks, and the effect of sampling temperature on finding vulnerabilities. https://hackernoon.com/the-art-of-prompt-swapping-temperature-tuning-and-fuzzy-forensics-in-ai #codesecurity
-
This article shows "secure code" prompts fail on ChatGPT, more examples find more bugs, and the method effectively targets C code vulnerabilities. https://hackernoon.com/an-analysis-of-chatgpt-instructions-few-shot-scaling-and-c-code-vulnerability-generation #codesecurity
-
This article details the LLMs used (CodeGen, ChatGPT) and a test finding vulnerabilities in GitHub Copilot using the study's few-shot prompting method. https://hackernoon.com/llm-details-and-finding-security-vulnerabilities-in-github-copilot-with-fs-code #codesecurity
-
This article discusses prompt transferability and limitations, concluding with a method for finding and benchmarking LLM code vulnerabilities. https://hackernoon.com/echoes-in-the-code-the-lasting-impact-and-future-path-of-ai-vulnerability-benchmarking #codesecurity