Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Welcome to the second part of our two-part special on Gartner’s “4 Ways Generative AI Will Impact CISOs and Their Teams” report! If you’ve missed the first part on model composition, you can read it here. Today, we will explore why security specialism matters in an AI security tool, particularly where AI quality is concerned.

Non-human identities (NHIs) dominate the era of cloud services and SaaS applications. They are the identities that authenticate between different servers, APIs and third party integrations to provide programmatic access to data and services. Non-human identities utilize different protocols, such as OAuth, REST and SSH.

Downgrade attacks—also known as version-rollback attacks—are a type of attack designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access.

Organizations face a myriad of cybersecurity threats that can compromise sensitive data and disrupt operations. A cornerstone of defending against these threats is an effective vulnerability management program. This program’s first, and arguably most critical, step is strong asset and inventory management. A thorough and accurate asset inventory is essential for identifying and mitigating vulnerabilities.

Snyk’s goal has always been to empower developers to build fast but safely. This is why we created the developer security category and why we were amongst the first advocates of “shifting left.” Now, AI has changed the equation. According to Gartner, over 80% of enterprises will have used generative AI APIs or models, or deployed their own AI model, by 2026.

Samsung has introduced a groundbreaking bug bounty program offering up to $1,000,000 for discovering critical vulnerabilities in its mobile devices. This initiative, named the 'Important Scenario Vulnerability Program (ISVP),' underscores Samsung's commitment to bolstering the security of its Galaxy devices. The program focuses on vulnerabilities related to arbitrary code execution, device unlocking, data extraction, arbitrary application installation, and bypassing device protections.

CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical information about the Falcon sensor and any claims regarding the Channel File 291 incident. CrowdStrike has provided a Technical Root Cause Analysis and executive summary that describes the bug in detail.

We are thrilled to announce the new Snyk Analytics for Snowflake, allowing Snyk customers to seamlessly access and analyze Snyk’s data from their Snowflake account.

Understanding vulnerability management is crucial for maintaining the security of your systems. It involves identifying, assessing, and mitigating vulnerabilities that exist within your network, applications, and infrastructure. By gaining a deep understanding of vulnerability management, you can effectively prioritize and address security risks. One key aspect of vulnerability management is conducting regular vulnerability assessments.