Cycode

Did you know? 81% of organizations lack complete visibility into AI technologies. AI adoption is near-universal. But AI governance? Not even close. Based on recent research, only a fraction of organizations have complete visibility into where AI is being used in development. Shadow AI, decentralized approvals, and inconsistent training are widening the gap between innovation and control. The fix isn’t more tools. It’s smarter governance, embedded from the start. Learn how leading CISOs are closing the gap → https://lnkd.in/g7r-ry2Z

🦃 Wishing everyone a truly Happy Thanksgiving! 🍁 The Cycode team is sending warm wishes and heartfelt gratitude to our entire community, our dedicated team, supportive partners, and valued customers. We are incredibly thankful for your trust and collaboration. 🙏 What achievements or relationships are you celebrating this year? Share your thanks in the comments! 👇 Have a safe, relaxing, and meaningful holiday weekend! ✨ #Thanksgiving #Gratitude #Cycode #Cybersecurity #HappyHolidays

What to do if you’re affected by the Shai-Hulud 2.0 attack The second wave of the Shai-Hulud attack has hit, and the numbers are staggering. We are seeing 25,000+ compromised repos, 14,000+ secrets exposed, and a sophisticated pivot to cloud infrastructure. Cycode just released a comprehensive Deep Dive & Incident Response Playbook to help you determine if you are impacted and respond to the incident. Inside the guide: 🔍 Full Attack Chain Analysis: From the setup_bun.js loader to the SHA1HULUD runner. 🛑 Key Indicators of Compromise (IoCs): What to hunt for in your file systems and CI logs right now. 🛡️ 5-Phase Incident Response Plan: Step-by-step instructions to Identify, Investigate, Contain, Eradicate, and Recover from the threat as well as analyze post-incident. Read the guide now: https://lnkd.in/g7DJUxxi Special thanks to Jimmy Xu for creating this 🫶

20,000 followers! What an incredible milestone!  🎉 We are so thankful and grateful for our customers, partners, and the entire community. 🙏 🦃 Your support empowers us as we continue our mission to Secure the Software the World Depends On in the AI era. We are truly grateful for your partnership and look forward to building on this momentum 💪Wishing you a wonderful and safe Thanksgiving! Ready to see how we tackle modern Application Security challenges? Connect with us here: https://lnkd.in/gYJb3R7H #ApplicationSecurity #ProductSecurity #appsec #Cybersecurity #AI #20kFollowers #Thanksgiving

The AI Era is here. Is your product security team ready to lead it? The 2026 Product Security Summit: The Great Convergence on Jan 28th isn't about AI taking over—it’s about empowering you to secure software by default. In this half-day virtual event, over 10 speakers will tackle the immediate challenges:  ✅ How to control Shadow AI usage in your org. ✅ The framework for securing AI-Generated Code. ✅ Strategies for human-centric AI Governance. Join us in leading the convergence. Register today: https://lnkd.in/gXTvwst5 P.S. Here's a quick spotlight of our speaker and partner line-up: Nikola Dalcekovic, Daniel Hereford, Sarrah Bang, Chris P., Cássio Batista Pereira, Brad Tenenholtz, Neil Bahadur, Kyle Metivier, Adam Dudley, Lior Levy, Guillaume Montard, Amir Kazemi, Devin Maguire, Prasad Raman, Monica Nio, CMP, HackerOne, Nucleus Security, Sysdig #ProductSecurity #AppSec #AIGovernance #ProdSec2026

December's Newsletter is here and it's HUGE—we're kicking off the highly anticipated 2026 Product Security Summit! ��� Here are the critical updates and announcements you'll find inside: 🚀 Introducing: The 2026 Product Security Summit (Be the first to learn more!) 📈 Unity Doubles Security Coverage and Drives Developer Engagement with Cycode 🔬 When AI Outpaces Security: What Our New Research Reveals About the Future of Product Security Don't miss out on securing your spot at the summit and reading the latest research. Read below for the full Cycode Newsletter | December Insights! #ProductSecurity #SecuritySummit #AppSec #AISecurity #DevSecOps

We’re excited to announce our partnership with StackHawk, bringing together their developer-focused DAST engine with Cycode’s AI-Native Application Security Platform to close one of the biggest gaps in modern AppSec: connecting runtime testing to the code that actually needs fixing. Today, vulnerabilities discovered at runtime often re-emerge in staging or production because developers don’t get clear ownership or context on where the issue lives in the code. This partnership changes that. By uniting StackHawk’s runtime exploitability insights with Cycode’s Risk Intelligence Graph (RIG) and SDLC mapping, teams can now: 🔗 Map runtime findings directly to repositories, commits, and code owners ⚡ Automatically assign remediation work in Jira, GitHub, or GitLab 📈 Prioritize based on exploitability + exposure 🔁 Validate fixes with automated retesting The result is a continuous code-to-runtime feedback loop from discovery to remediation and to validation without the usual handoffs and blind spots. Proud of what our teams are building together. If you're interested in learning more, link in the comments below.

Shai Hulud is back. This second iteration of the npm supply chain attack, dubbed the “Second Coming” by the attackers, again publishes exposed secrets and then attempts to self-replicate. What’s changed is the scale and stealth: the new activity hits a broader set of npm dependencies (including Zapier/ENS-related packages in some cases) and creates randomly named public GitHub repositories that contain stolen data, instead of relying only on the fixed Shai-Hulud / “Shai-Hulud Migration” repo names described in prior reports. Actions you should take: 1️⃣ Audit your dependencies and search for repos with the description "Sha1-Hulud: The Second Coming" 2️⃣ Scan for exposed secrets and rotate secrets 3️⃣ Inspect your CI/CD and Source Code Repositories for any unauthorized actions Cycode’s security research team is actively monitoring this campaign and continuously updating affected packages in our Threat Intelligence feed so customers can quickly understand their exposure. The feed also surfaces suspicious public repositories associated with your developers’ accounts, including those labeled “Sha1-Hulud: The Second Coming,” so teams can see both package-level and repo-level impact in one place. Read our write-up on the Shai-Hulud attack here: https://lnkd.in/g4aZ3BFX

What a fantastic week at mysecurityevent Community für eine digital sichere Welt! 👏 A huge thank you to everyone who connected with Jochen Koehler at the event! We appreciate all the lively conversations on how to secure modern development in the age of AI. 💡 If you missed us or want to continue the conversation about Cycode: https://lnkd.in/gSjziwhs See some of the highlights below. #applicationsecurity #productsecurity #cybersecurity #mysecurityevent

Developers adopt AI faster than security teams can adapt. As AI accelerates development, it’s also quietly expanding the attack surface in ways traditional controls weren’t designed to handle. The 2026 State of Product Security for the AI Era report explores how leading organizations are evolving: pairing AI-driven innovation with stronger visibility, governance, and convergence across the SDLC. Explore the insights shaping the next era of AppSec → https://lnkd.in/dxcwRZVH #AI #ProductSecurity #Cybersecurity #AppSec #Cycode Katie Norton