Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What happens when a $29 billion company forgets to rename a model ID, and what it means for every organization using open-source AI. On March 19, 2025, Cursor, the AI-powered coding tool valued at $29 billion and generating an estimated $2 billion in annual recurring revenue, launched Composer 2, its newest and most powerful coding model.

Today, Mend.io is launching Contextual Project Classification, an AI-native feature that automatically analyzes your codebase to identify which applications handle sensitive data like payments, healthcare records, and PII, enabling true risk-based security prioritization.

Today, we’re launching System Prompt Hardening, Mend.io’s new capability that defends the hidden instructions that control how your AI systems behave. Unlike user-facing prompts, system prompts live behind the scenes, and when attackers manipulate them, the result can be data leaks, policy bypasses, or unsafe model behavior. System prompt hardening stops those attacks at the source and gives security, engineering, and risk teams a practical, auditable way to secure AI in production.

AI compliance ensures AI systems follow laws, ethics, and standards by managing risks like bias, privacy violations, and lack of transparency through robust governance, documentation, and continuous monitoring, using frameworks like the EU AI Act and NIST AI Risk Management Framework (RMF) to build trust and avoid penalties in developing, deploying, and operating AI.

AI risk management is the process of identifying, assessing, and mitigating risks associated with artificial intelligence systems to ensure they are developed and used responsibly. It involves using frameworks like the NIST AI Risk Management Framework to address technical, ethical, and social challenges, including data bias, privacy violations, and security vulnerabilities.

Anthropic’s launch of Claude Code Security is exciting. Not because it changes everything overnight — but because it confirms something important: AI-powered security inside the developer workflow is becoming the new normal. And that’s a win for the entire industry.

Major software composition analysis (SCA) providers include Mend, Black Duck (Synopsys), and Veracode. They offer solutions to find, manage, and fix vulnerabilities and license issues in open-source components, with options ranging from developer-focused tools to enterprise-grade platforms with SBOM generation and deep compliance features.

Today, Mend.io is proud to announce the launch of AI Agent Configuration Scanning, integrated directly into the Mend AI Scanner. By treating “Agents as Code,” we are bringing security visibility and CI-friendly enforcement to AI configurations before they reach production The rapid adoption of AI agents has transformed the modern developer workflow.

Open source libraries, packages, and models power nearly every product team today. They accelerate development, democratize innovation, and let teams stand on the shoulders of giants. But there’s a dangerous assumption creeping into engineering orgs: that open source — or AI trained on open source — will keep your software safe. That assumption is wrong. Open source gives you speed and community, not guaranteed security.

Today, we’re excited to launch two practical tools to help teams quickly understand their AI maturity, quantify AI risk, and gather the evidence executives will ask for in 2026: an interactive AI Security Maturity Survey (with a personalized score and mapped recommendations) and a companion AI Security Compliance Checklist. Both are aligned to industry standards and built to be immediately useful in discovery, audits, and planning.