API Security

Events

  • AppSec vs. Developer Velocity: Ending the Cold War Between Security and Engineering

    More than half of development teams report that application security testing slows their release pipeline. On the other side, security teams point to the 81% of organizations that knowingly shipped vulnerable code in the past year. Both sides have legitimate concerns, and the friction between them is getting worse as release cadences accelerate and AI-generated code enters production. The result is a standoff where developers route around security controls and AppSec teams lose influence over the code that actually ships.

    The path forward is not about one side winning. It is about removing the friction that makes security feel like an obstacle. That means fewer low-value alerts landing on developer desks, clearer ownership of findings, risk-based prioritization that respects engineering time, and tooling that works inside the developer workflow rather than beside it.

    Resolving this tension requires alignment across testing, prioritization, and runtime protection approaches – from SAST, DAST, and SCA to API security, container security, and developer-native security tooling embedded directly into CI/CD pipelines.

    Topics include:

    • Why AppSec noise (not AppSec itself) is driving the friction with engineering
    • Embedding security into CI/CD pipelines without creating unplanned developer work
    • Shifting from “fix everything” to prioritizing the 2–5% of findings that carry real risk

    Learn how security and engineering teams are resolving friction and building AppSec programs that move at the speed of development.

  • AI-generated Code Is Shipping to Production. Is Your AppSec Pipeline Ready for What Comes Next?

    Eighty-one percent of organizations knowingly shipped vulnerable code in the past year. That number is about to get harder to manage. AI-assisted coding tools are accelerating output across engineering teams, and Gartner projects that by 2027, at least 30% of AppSec exposures will result from AI-driven "vibe coding" practices. The code patterns are different, the release cadences are faster, and the security assumptions baked into traditional testing tooling were not built for what AI produces. Organizations are deploying AI-generated code at a pace that outstrips their ability to review it.

    The challenge is not whether to allow AI-generated code. That decision has already been made by most engineering teams, with or without security's blessing. Addressing this requires rethinking how static and dynamic testing, software supply chain security, runtime protection, API security, and developer-native tooling work together across an AI-accelerated pipeline. Security teams that do not adapt their tooling and processes now will spend the next two years in reactive mode.

    Topics include:

    • New vulnerability patterns introduced by AI-generated and AI-assisted code
    • Adapting AppSec pipelines to handle accelerated release cycles without creating bottlenecks
    • Securing the AI-driven software supply chain, from dependencies and secrets to runtime behavior

    Explore how AppSec teams are retooling their programs to keep pace with AI-accelerated development before the gap becomes unmanageable.
