Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Federal agencies are moving fast to unlock AI's potential—from improving citizen services to driving mission outcomes. But with all that innovation comes a new wave of complexity and risk. Security, trust, and transparency can’t be afterthoughts. They need to be part of the build and AI adoption process from day one. AI-driven development is exponentially increasing both code speed and code insecurity, as AI generates code with up to 40% more vulnerabilities than human developers.

Today, Snyk is launching a powerful enhancement to our API discovery capabilities through a strategic partnership with Akamai. This integration is designed to solve one of the most significant challenges in modern application security: the difficulty of providing API schemas for DAST scanning. By directly ingesting API inventories and their corresponding schemas from Akamai, we are transforming a difficult manual process into a seamless, automated workflow within the Snyk platform.

On August 5, 2025, Trend Micro released a short-term mitigation tool addressing two critical command injection vulnerabilities (CVE-2025-54948 and CVE-2025-54987) in Apex One. These flaws affect the on-premise Apex One Management Console and have been exploited in the wild. Both stem from a command injection issue that allows unauthenticated, remote threat actors to execute arbitrary code on vulnerable systems. While the vulnerabilities are similar, they differ based on the targeted CPU architectures.

For years, the cybersecurity community has discussed the theoretical risks of artificial intelligence. We’ve imagined biased algorithms and adversarial attacks, but these conversations usually stayed hypothetical. That era is over. It’s time to move beyond the theory and into the practical “how-to” of finding and exploiting vulnerabilities in AI systems. To execute this, the new OWASP AI Testing Guide (AITG) is indispensable.

Generative AI is reshaping how software is made, secured, and scaled. At Snyk’s Lighthouse event in Silicon Valley, leaders from engineering, security, and platform teams gathered to explore one big question: How do we build AI-powered systems that move fast, without breaking trust? For many, that future is already here — 60% of organizations at the Summit reported building agentic apps internally. The answers weren’t just technical. They were cultural. Organizational. Strategic.

Tech companies love a good framework, especially ones that promise structure, transparency, and alignment with internal standards. Zoom’s Vulnerability Impact Scoring System (VISS) is one of those. It’s designed to translate internal security policies into a scoring model that supports impact-based decision making, particularly for bug bounty programs and external disclosure workflows. On paper, that sounds useful. But in practice, it doesn’t scale.

When we talk about healthcare today, it’s impossible not to consider application security. As healthcare providers increasingly lean on digital solutions to deliver patient care, they are creating an explosion of healthcare data requiring protection to ensure its confidentiality, integrity, and availability.