Wes Roth (@WesRoth)

Gemini팀이 GeminiCLI 기반의 오픈소스 AI 코드 보안 에이전트를 배포했다고 보고했습니다. 이 에이전트는 Openclaw 프로젝트의 치명적 취약점을 자동으로 탐지하고, 개념 증명(POC)을 생성하며, 직접 풀 리퀘스트까지 열어 문제를 해결한 사례를 공유했습니다. 자동화된 코드 보안/수정 워크플로우의 실사용 사례입니다.

https://x.com/WesRoth/status/2018255572857237695

#gemini #aisecurity #opensource #codesecurity

Be like Bettina Dutler start signing your Git commits with SSH today!

At SmartGit we documented how easy this is with GitHub and GitLab!

#Git #SSH #DevOps #SmartGit #CodeSecurity#SoftwareEngineering

👾 Behold, the breathtaking breakthrough of rendering #graphics at the speed of a caffeinated snail using the legendary micro-teeny-tinygrad! 🎨✨ Apparently, #GitHub has decided we need yet another #AI tool to clutter our already overflowing virtual garages. Who knew code security could be so... miniscule? 🔍🔒
https://github.com/quantbagel/gtinygrad #Tools #MicroTinygrad #CodeSecurity #HackerNews #ngated

🎉 Ah, the KIM-1 turns 50, and what better way to celebrate than a GitHub demo no one asked for, buried under a pile of buzzword salad? 🤖 Just remember, folks: nothing screams "party" like platform #AI and code security lingo. 🎂
https://github.com/netzherpes/KIM1-Demo #KIM1 #50thAnniversary #GitHubDemo #BuzzwordSalad #CodeSecurity #HackerNews #ngated

“Noise reduction alone isn’t the goal; accuracy on real risks is.”
— James Wickett, CEO & Co-founder, DryRun Security

Why application security needs context at code review - and why intent matters more than alert volume.

Read more:
https://www.technadu.com/why-application-security-needs-context-at-code-review-not-more-alerts/616254/

#AppSec #DevSecOps #CodeSecurity #InfoSec

Đang tìm kiếm mô hình/công cụ để quét và phát hiện mã độc trong dự án mã nguồn mở. Đang cân nhắc Nemotron, GPT-OSS, Qwen Coder hoặc liệu có mô hình điều chỉnh/tập trung chuyên sâu nào khác hỗ trợ? Cần gợi ý từ cộng đồng! #AiAnToan #PhanTichMa #OSS #CodeSecurity #MalwareDetection

https://www.reddit.com/r/LocalLLaMA/comments/1psr8rl/looking_for_modelsprojects_to_scan_and_detect/

AI models often miss IaC security flaws—not because they lack power, but because they lack focus.

This benchmark shows how accuracy improves when AI gets clear context, tight scope, and an understanding of why a fix works.

It’s the difference between a quick patch and real remediation.

At AppSec Village, we appreciate sponsors like Symbiotic AI, who push for true precision in AI-powered security.

Read the full article →
https://www.symbioticsec.ai/blog/cracking-code-insights-ai-powered-code-security-remediation?utm_source=apv&utm_medium=technical&utm_campaign=apv&utm_id=apv

#AI #AIBenchmarks #CodeSecurity #DevSecOps

Developer-first security isn’t buzzwords or “shift left.”

It’s giving developers context, clarity, and tools that reduce cognitive load—not add more alerts or friction.

This article breaks down why most approaches fall short, and what real developer-first security looks like in practice.

At AppSec Village, we’re here for sponsors like Symbiotic Security who actually support how developers work.

Read it here: https://www.symbioticsec.ai/blog/real-conversation-about-developer-first-security?utm_source=apv&utm_medium=technical&utm_campaign=apv&utm_id=apv

#AI #CodeSecurity #DevSecOps #DeveloperFirstSecurity

🚨 OH NO! React Server Components can't catch a break! 🎉 Just when you thought it was safe to deploy... surprise! More vulnerabilities! 😱 But hey, at least they're not letting hackers run wild with RCE, just crash your server and peek at your code. 🤦‍♂️ So much for smooth sailing, React team!
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components #ReactServerComponents #vulnerabilities #ServerCrash #CodeSecurity #HackerNews #HackerNews #ngated

Una vulnerabilidad crítica en GitHub Actions permitía a atacantes saltarse restricciones de seguridad en repositorios privados. Asegúrate de que tus workflows no usen expresiones dinámicas no confiables. La actualización es crucial para proteger tu código.

#GitHub #Seguridad #Vulnerabilidad #DevSecOps #CodeSecurity

"AI-driven security and spec-first IDEs are revolutionizing software development. Tools like Defender for Cloud and GitHub Advanced Security offer runtime insights, while spec-first tools like Kiro and Spec Kit embed security into code from the start. Faster remediation, better security, and a shift from code-first to intent-first development. #AIInnovation #DevSecOps #SpecFirst #CodeSecurity #SoftwareEngineering"

https://saysomething.hashnode.dev/ai-driven-security-spec-first-development-reshaping-secure-software

OpenAI Aardvark: The AI Security Tool for Developers Are you ready for AI-powered security?
https://eproductempire.blogspot.com/2025/11/openai-aardvark-gpt-5-security-tool.html #OpenAI #Aardvark #GPT5 #AISecurity #CyberSecurity #DeveloperTools #CodeSecurity #DevSecOps #TechNews #AI

OpenAI has launched Aardvark, an autonomous “agentic security researcher” powered by GPT-5.

It scans codebases for vulnerabilities, validates exploitability in sandboxed environments, and auto-generates potential patches.

Early reports show 10+ CVEs identified in open-source projects.

What’s your view - is AI-driven vulnerability research the future of cybersecurity or another layer of risk?

#CyberSecurity #OpenAI #GPT5 #Aardvark #Infosec #AI #DevSecOps #VulnerabilityManagement #MachineLearning #CodeSecurity #TechNews

What does “developer-first security” really look like?
This article from Symbiotic Security unpacks why more alerts ≠ better security.

At AppSec Village, we believe these convos are key to bridging security + devs.

https://www.symbioticsec.ai/blog/real-conversation-about-developer-first-security?utm_source=apv&utm_medium=technical&utm_campaign=apv&utm_id=apv

#CodeSecurity #DevSecOps #AI

via @dotnet : .NET and .NET Framework October 2025 servicing releases updates

https://ift.tt/8fz4RwU
#DotNet #DotNetFramework #October2025 #SecurityUpdates #CVE #SoftwareDevelopment #Programming #ReleaseNotes #TechUpdates #DevCommunity #CodeSecurity #SoftwareEng…

Codoki.ai báo cáo kết quả ấn tượng: trong 3 tuần, 500 lượt đăng ký và phát hiện 820 lỗ hổng bảo mật trong mã nguồn do AI tạo ra. Mục tiêu của Codoki là đảm bảo an toàn, bảo mật và độ tin cậy cho mã AI, trở thành "cổng chất lượng" giúp dev tạo code sạch hơn.

#Codoki #AI #Security #CodeSecurity #Vulnerability #PhátHiệnLỗHổng #BảoMậtMãNguồn #AIcode #CôngNghệ #TechNews #DevTools

https://www.reddit.com/r/programming/comments/1o37hfv/3_weeks_500_signups_820_security_vulnerabilities/

El lado del mal - CodeMender: Un Agente IA para buscar bugs y parchear código fuente https://www.elladodelmal.com/2025/10/codemender-un-agente-ia-para-buscar.html #AgenticAI #Ciberseguridad #IA #AI #BugBounty #Bug #Gemini #InteligenciaArtificial #OpenSource #Hardening #CodeSecurity

Google DeepMind ra mắt Codemender, tác nhân AI mới về bảo mật mã nguồn. Codemender tự động tìm và sửa các lỗ hổng bảo mật, đã gửi 72 bản vá chất lượng cao cho các dự án mã nguồn mở lớn. Sắp có mặt công chúng!
#Codemender #AI #CodeSecurity #GoogleDeepMind #BảoMậtMãNguồn #TríTuệNhânTạo

https://www.reddit.com/r/singularity/comments/1nzjgxf/google_deepmind_introduces_new_ai_agent_for_code/

😱 Breaking news: Someone discovered a #webshell and a normal file share an MD5 hash! 🚨 Stop the presses, this changes everything! Meanwhile, #GitHub is busy deploying #AI to write better code while nobody noticed the hash collision between a sandwich and a rock. 🍔🗿
https://github.com/phith0n/collision-webshell #BreakingNews #HashCollision #CodeSecurity #HackerNews #ngated

If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling. #AICoding #SecureDevelopment #CodeSecurity #SoftwareDevelopment
https://jpmellojr.blogspot.com/2025/09/how-ai-coding-tools-can-learn-to.html