Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

mend

AppSec metrics fail, Mend.io's Risk Reduction Dashboard fixes it

Nov 18, 2025 By Tiffany Jennings In Mend
Today, we’re introducing our Risk Reduction Dashboard. This is a new way for security leaders to quantify their AppSec program’s impact, prioritize high-value fixes, and prove ROI with data-backed insights that go beyond raw vulnerability counts.
Read Post

Secure Your App with Mend.io's AI-Native AppSec Platform (featuring ByteGrad)

Nov 13, 2025 By Mend In Mend
This video, originally created by Wesley from ByteGrad, walks through how to secure your applications using Mend.io’s AI-Native AppSec Platform — including SAST, SCA, and SBOM scanning. Wesley explores how Mend integrates with GitHub, automates code fixes, and helps developers stay ahead of vulnerabilities. Creator: ByteGrad YouTube Channel Timestamps.
View Video

If AI Security were food...What's on the menu? #aisecurity #food

Nov 10, 2025 By Mend In Mend
How do you explain AI Security without the jargon? Easy you make it food. In this video, we asked leading AI Security professionals to describe AI Security as a dish. Their answers turn complex ideas like prompt injection, data leaks, and model hardening into bite-sized insights you’ll actually remember. From layered lasagna to spicy tacos, each response brings a fresh perspective on what it means to build and protect secure AI systems.
View Video

Direct vs. Indirect AI Risks: What Security Teams Need to Know #AIsecurity #AppSec #AInative

Nov 6, 2025 By Mend In Mend
AI coding assistants don’t just speed up development — they introduce two kinds of risks you can’t afford to ignore. Direct risks: vulnerabilities added straight into generated code. Indirect risks: exposure through how AI tools shape workflows, dependencies, and external connections. Both can create blind spots — and both demand visibility. Watch to learn how recognizing these layers helps secure your AI-driven workflows.
View Video
mend

Building a more secure npm ecosystem with Mend Renovate

Nov 6, 2025 By Jamie Tanna In Mend
Over this last year, we’ve seen significant attacks like the Shai-Hulud worm, the Nx build system compromise, and secrets being leaked to public GitHub Actions logs via the tj-actions/changed-files compromise, but I could spend the entirety of this article only listing different attacks, let alone talking about them.
Read Post
mend

Best Application Security Testing Services to Know

Nov 5, 2025 By Tiffany Jennings In Mend
Application Security Testing (AST) services use automated tools and manual techniques to find and fix security vulnerabilities in software, integrating security into the entire development lifecycle (SDLC) to prevent threats and protect applications from attacks. Key services include Static Application Security Testing (SAST) for code-level analysis, Dynamic Application Security Testing (DAST) for runtime testing, and Interactive Application Security Testing (IAST) which combines both.
Read Post
mend

Ultimate Guide to Open Source Security: Risks, Attacks & Defenses

Oct 28, 2025 By Tiffany Jennings In Mend
Unlike closed-source code or proprietary applications, open source software (OSS) exposes its source code, allowing anyone to view, modify, or contribute to it. This transparency delivers both opportunities and unique threats; developer communities can uncover flaws faster, but attackers can also examine code for weaknesses and even easily leverage known reported open source vulnerabilities.
Read Post
mend

Mend.io Expands AI Native AppSec to Windsurf, CoPilot, Claude Code, and Amazon Q Developer

Oct 21, 2025 By Mend.io Team In Mend
Today, Mend.io is expanding its AppSec capabilities to secure the five most popular agentic IDEs — including Windsurf, CoPilot, Claude Code, Amazon Q Developer, and Cursor — ensuring that developers can move at AI speed without compromising security.
Read Post
mend

Building Strong Container Security for Modern Applications

Oct 16, 2025 By Mend.io Team In Mend
Containers have transformed how modern applications are built and deployed. They’re lightweight, portable, and allow teams to move software from development to production faster than ever before. But as adoption has accelerated, so have security concerns. From vulnerable base images to exposed Kubernetes clusters, container security has become a top priority for AppSec and DevSecOps professionals.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.