Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Embeddings vs. Generative Models #AI #RAG #AIExplained #MachineLearning #OpenAI #LLMs #AIsecurity

May 12, 2025 By Mend In Mend
Not all AI models are made to generate. Some are built to understand. Here’s the key difference: Generative models take in text and produce new text (think ChatGPT). Embedding models take in text and translate it into numbers, vectors that capture meaning. Why does that matter? Because embedding models let you turn documents into searchable vectors. That means when someone asks a question, you don’t need to search the whole doc, you just find the most relevant chunks based on meaning. And that’s what makes things like RAG (Retrieval-Augmented Generation) powerful and efficient.
View Video

SOC: Does Your Company Need One? (Budget vs. Protection) #soc #cybersecurity

May 9, 2025 By Mend In Mend
At what point should a company invest in a Security Operations Center (SOC)? Learn when businesses should start thinking seriously about building cybersecurity defenses—and why protecting revenue is just as critical as generating it. Many companies wait too long to prioritize cybersecurity. Discover why having a SOC isn't just for giant enterprises—and why protecting your revenue must be part of your business growth strategy from the start.
View Video

SolarWinds Hack: How State Actors Infiltrated & What You Can Learn #cybersecurity #solarwinds

May 8, 2025 By Mend In Mend
State actors played the long game by targeting SolarWinds’ build server, injecting malicious code without detection. Learn why code diffs, hash checks, and decompiling builds are critical for cybersecurity today.
View Video
mend

Top Ten Tips to Choose a Great SAST Tool

May 7, 2025 By Adam Murray In Mend
Static application security testing (SAST) has matured from a gate-at-the-end to a developer-first discipline. Forrester’s Static Application Security Testing (SAST) 2025 landscape report highlights why: attack volume is rising, code is released at least monthly in one in four teams, and AI generated code is flooding pipelines with even more code to secure. The tools that succeed are those that shorten mean time to remediate (MTTR) while fitting the way modern teams build.
Read Post

Build Trust Now: Transparent Dialogue for a Trustworthy Organization #trust #cybersecurity

May 7, 2025 By Mend In Mend
Building trust shouldn't start when there's already a problem. Learn how to proactively create transparent, trust-first conversations with customers—and why trust must be engineered into your security programs from the start. Building trust isn't reactive—it’s proactive. Discover how to open transparent conversations before issues arise, why trust must be built into every layer of your security program, and how to communicate that trust effectively during the sales process.
View Video
mend

Dynamic Application Security Testing: DAST Basics

May 5, 2025 By Mend.io Communications In Mend
DAST is a security tool that attempts to penetrate an application from the outside by checking its exposed interfaces for vulnerabilities and flaws. Sometimes called a web application vulnerability scanner, it is a type of black-box security test. It looks for security vulnerabilities by simulating external attacks on an application while the application is running.
Read Post
mend

Introducing Mend's Integration with Microsoft Defender for Cloud

Apr 29, 2025 By Mend.io Communications In Mend
We’re excited to announce a powerful new integration between Mend.io and Microsoft Defender for Cloud (MDC)—a step forward in our mission to bring intelligent, actionable, and context-rich open source security directly into the cloud security workflow. As organizations embrace cloud-native architectures, security teams face the growing challenge of identifying and prioritizing the open source software risks that truly matter.
Read Post

Securing AI Isn't Just About Your Pipeline #AIsecurity #DevSecOps #AppSec #redteaming

Apr 28, 2025 By Mend In Mend
Building AI apps securely is not just about plugging tools into your dev pipeline. It’s about knowing what to do with those tools after they give you results. What risks matter? What policies should you apply? And when is the right time to integrate AI security into your CI/CD? Bar-El Tayouri sits down with Ashish Rajan from The Cloud Security Podcast to discuss why red teaming and scanning aren’t enough and how getting comfortable with AI security before production pays off long-term.
View Video
mend

Mend.io & HeroDevs Partnership: Eliminate Risks in Deprecated Package

Apr 22, 2025 By Sarah Moglia In Mend
The increasing reliance on open-source software coupled with the accelerated pace of software development has created a growing need for support of deprecated packages. The significant majority of open-source software packages are not actively maintained, meaning vulnerabilities are not patched, thereby leaving systems open to attack. Malicious actors often target deprecated open-source packages for this very reason.
Read Post
mend

Vector and Embedding Weaknesses in AI Systems

Apr 16, 2025 By Bar-El Tayouri In Mend
AI security threats are evolving at roughly the same speed that AI itself is: extremely fast. One of the most recent—and least understood—vulnerabilities involves vector and embedding weaknesses. These issues have gained attention with their addition to the OWASP Top 10 for LLMs, and the risks are becoming more urgent as Retrieval-Augmented Generation (RAG) continues to dominate enterprise AI adoption.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.