Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It’s official. Gartner just published the very first Gartner Magic Quadrant for Software Supply Chain Security, and JFrog has been recognized as a Leader, placing highest for Ability to Execute among all the vendors included. For an inaugural report in a category this important, that placement means a great deal to us, and we don’t take it lightly.

At 8:30 a.m., the scan report is already out of date. New cloud instances came online overnight, a container image was rebuilt, developers shipped code, and the security queue is full of findings that still need triage, ownership, and context. The hard part is rarely detection. The hard part is deciding what to fix first and getting that decision to flow into the systems your team already runs every day.

GitGuardian helps security teams detect leaked secrets across dozens of integrations, all converging in one place: our dashboard. As our data volume grew, some pages started taking several seconds to load.

Your ASPM dashboard shows your mobile security posture. The score reflects what your integrated testing tools found. It does not reflect what they could not test. For mobile apps, the gap between those two things includes the compiled binary, the third-party SDKs linked inside it, and what the app does at runtime on a real physical device. None of that data enters an ASPM dashboard built on source code scan results. The posture view looks complete. The coverage is not.

An AI-driven system at a beverage manufacturer recently churned out several hundred thousand excess cans after misreading unfamiliar packaging. The system didn’t recognize the company’s new holiday labels, flagged them as an error, and triggered additional production runs before the company caught the mistake. The system followed its instructions perfectly.

Phishing has always been a game of impersonation. But for decades, the tell was in the details: a misspelled word here, an awkward sentence there, a logo that was just slightly off. Security awareness training built an entire doctrine around those cues. Spot the typo, avoid the trap. That playbook is now obsolete. KnowBe4's latest Phishing Trends Report found that 86% of phishing attacks observed in the last six months involved some level of AI assistance.

CISA Binding Operational Directive 26-04: Prioritizing Security Updates Based on Risk requires Federal Civilian Executive Branch (FCEB) agencies to prioritize security updates based on operational risk, not just severity. It builds on earlier Cybersecurity and Infrastructure Security Agency (CISA) directives by combining exposure, exploitation, impact, and prioritization logic into a more actionable remediation model.

The economics of continuous security at frontier-model prices, and why the math points back to independence. The frontier models are astonishing at finding vulnerabilities. That is not in dispute, and it is not what this piece is about. The question is not whether a frontier model can find a flaw in your code. It is whether you can afford to run one as your scanner, continuously, across your entire estate, the way real security actually works.

A few weeks ago, we published our initial findings from Project Glasswing, looking at what happens when you point frontier security models at an enterprise codebase. We also explored how our defensive structures adapt to protect our infrastructure and customers from threats posed by frontier AI.

When a primary server or database goes down, every second of downtime costs money. Automatic failover detects those failures and redirects traffic to a standby system without paging anyone at 3 am. Even consumer networking hardware is catching up in this regard.