Latest news with #AppSec


Forbes
3 days ago
- Business
- Forbes
The Future Of AI Is Specialization
With 16+ years in cybersecurity, Édouard Viot, CTO of Symbiotic Security, is a hacker at heart and an innovator in AppSec, WAFs and EDR.

The rapid evolution of AI has led to an important realization: the infrastructure, training costs and ongoing reinforcement learning required to maintain a generalist AI model are astronomical, impractical and unsustainable. In my opinion, the future belongs instead to hyperspecialized AI models that are tailored to excel in hyper-specific domains.

Fundamentally, using a large language model (LLM) for a hyper-specialized task is like using a sledgehammer to crack a nut: it's not the most efficient tool for the job. So instead of relying on large, resource-intensive models for every task, the industry is shifting toward domain-specific AI agents. For example, AI specializing in code security would outperform a general-purpose model like ChatGPT when it comes to detecting and remediating vulnerabilities. In fact, we ran an internal study on this topic that you can find here.

Agentic AI substantially increases these capabilities. Agentic AI is a solution engineered to function independently by making decisions, executing actions and adjusting dynamically to evolving conditions with minimal human oversight. Take, for example, an agent specialized not just in code security but in specific families of vulnerabilities, such as XSS, SQL injection and buffer overflow. In these cases, the AI can adapt to the type of vulnerability it has detected and route the user to proper, hyper-focused resources for remediation and/or training.

The agentic approach can also be used to chain AI models. Using a slightly different example, let's say the user is working with Terraform code. Within the workspace, one agentic AI can be used to remediate vulnerabilities in the Terraform code and then route to another agent that checks the syntax to make sure that everything is correct. This will provide better results, but will also lead to increased latency.

All of this raises a fundamental question: Do we really need general-purpose AI models that know everything? The answer is increasingly clear: no, we don't. What we need is AI that is exceptional at a specific task, delivering high performance with lower compute costs. The advantages extend beyond efficiency: hyperspecialized AI reduces latency, improves accuracy and even lowers environmental impact due to reduced resource consumption.

Hyperspecialized models can have an outsized impact in areas that call for both accuracy and flexibility. Looking again at cybersecurity, different AI techniques can work together to make the whole process faster and more efficient. For instance, machine learning models trained on large datasets of known threats and safe software are great at classification. They can quickly spot anomalies, categorize vulnerabilities and reduce false alarms during automated scans. This is a huge win for security teams, who can then focus on higher-level strategy and incident response rather than sifting through endless alerts. Meanwhile, LLMs shine when it comes to code-related tasks, in that they can generate specific fixes across a range of programming languages. This means developers don't have to be experts in every single language; they can rely on an LLM to create targeted solutions that fit the situation at hand.

Bringing these two approaches together, machine learning for classification and LLMs for code generation, creates an effective combination that addresses both identification and remediation of security issues. Not only does this save time and resources, but it also bolsters an organization's overall security posture by delivering quick, precise results.

The productivity gains from AI-driven automation are undeniable. In software development, AI can function like an outsourced team, accelerating coding efforts and reducing development timelines. However, this speed comes with a trade-off: without proper oversight, AI-generated code can, and does, introduce security vulnerabilities, leading to increased risk. In fact, a recent Stanford study has shown, among other things, that participants "who had access to an AI assistant wrote significantly less secure code than those without access to an assistant." It also found that participants with access to an AI assistant were more likely to believe they wrote secure code, suggesting that such tools may lead users to be overconfident about security flaws in their code.

Rather than replacing developers, AI is transforming their role. Developers will shift from being pure coders to acting as AI controllers and overseers, ensuring that AI-generated output meets security and quality standards. This evolution places a greater emphasis on critical thinking and judgment, elevating the role of developers within organizations.

As AI models become more widely available, the competitive edge will shift toward data quality and specialization. Large, general-purpose models require immense investment, but hyperspecialization allows smaller players to compete effectively. This disrupts the traditional AI hierarchy, potentially enabling new innovators to challenge the dominance of tech giants.

AI is increasingly learning from human interactions, a concept known as reinforcement learning from human feedback. Using the case of code security again, if a developer modifies AI-suggested remediation code before accepting it, the AI can learn from this adjustment and refine its future recommendations. This continuous feedback loop allows AI to evolve based on real-world usage, improving accuracy and effectiveness over time. It's important to note, however, that for an AI to be truly self-improving, the capabilities of the human interacting with it need to be taken into consideration; only with that awareness should the model be updated from the interaction. If the developer modifying the suggested remediation code makes those changes without understanding the root problem, and as a result the changes are ill-advised or wrong, learning from that interaction would be detrimental to the AI.

As AI advances, hyperspecialization will become the dominant strategy for enterprises seeking cost-effective, high-performance solutions. The era of trying to build a single AI that does everything is giving way to a more practical approach: deploying multiple smaller, task-specific AIs that are more efficient, precise and ultimately more beneficial for organizations and society.
Yahoo
6 days ago
- Business
- Yahoo
DefectDojo Introduces Industry-First Unified SOC & AppSec Platform
DefectDojo now accommodates the needs of multiple security teams with a single, unified view

AUSTIN, Texas, May 27, 2025--(BUSINESS WIRE)--DefectDojo, the pioneer in scalable security, unified vulnerability management and DevSecOps, today announced the launch of their next-gen Security Operations Center (SOC) capabilities for DefectDojo Pro, which provides both SOC and AppSec professionals a unified platform for noise reduction and prioritization of SOC alerts and AppSec findings. As both SOC and AppSec teams attempt to cut through noisy data from a sprawling set of tools and sources, Dojo Pro now allows two security teams to work from the same platform in a way no other solution has offered to date.

SOC teams, like their counterparts in AppSec, are facing a number of challenges that hinder their ability to effectively protect their organizations. A recent survey found that SOC teams receive approximately 500 investigation-worthy endpoint security alerts weekly, and investigating these alerts takes up to 65% of their time; in that same survey, 16% of SOC professionals said they only addressed 50-59% of their pipeline per week. In short, SOC teams do not have the time or the resources to effectively keep up with the constantly-evolving threat landscape and the deluge of associated data.

Next-gen SOC builds on DefectDojo's previous efforts to simplify and streamline cybersecurity operations. SOC teams can now use Dojo Pro's machine learning algorithms to consolidate and remove duplicate findings, significantly cutting down the amount of data they must process and assess. They can also take advantage of DefectDojo's newly-released risk-based prioritization features, which more effectively assess risk by factoring in exploitability, reachability, revenue, potential compliance factors, user records and a number of other factors to help teams find their most pressing vulnerabilities and SOC alerts and respond more quickly.

"DefectDojo has always prioritized meeting security teams where they are, providing them the flexible foundation to effectively manage their needs and making hypertechnical cybersecurity tools accessible. Unifying next-gen SOC and AppSec represents the culmination of all of our work to date and a major breakthrough in how different cybersecurity teams collaborate with each other," said Greg Anderson, CEO and founder of DefectDojo. "We aim to continue bringing our customers scalable solutions for today's most pressing cybersecurity issues."

The next-gen SOC capabilities join a number of recently-launched features for the Dojo Pro platform, all of which are informed by direct customer feedback and use cases. These include the Rules Engine, which enables teams to customize rules to automatically manipulate, edit, enhance, add custom remediation advice, escalate, or de-escalate specific findings, all without significant human effort; the universal parser, allowing for data ingestion from any tool producing JSON or XML data; and next-generation prioritization evaluation.

Built by and for cybersecurity professionals, Dojo Pro is designed to efficiently scale for the needs of organizations of any size and centralize vulnerability data into one easy-to-use platform. DefectDojo's customer base includes Fortune 10 companies, international banks, government agencies and solo consultants alike, and the open-source OWASP Edition of the platform has been downloaded over 43 million times. To learn more about DefectDojo and get started with either the OWASP Edition or Dojo Pro, contact hello@

About DefectDojo
DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from any security tool, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture, automate operations to increase productivity and improve decision-making. For more information, visit or follow us on LinkedIn or GitHub.
Yahoo
13-05-2025
- Business
- Yahoo
Nearly Half of Development Teams Now "Own" Application Security, Checkmarx Global Survey Finds
Improving DevSecOps maturity remains a priority, yet CISOs report only 39% of business operations run on secured applications

PARAMUS, N.J., May 13, 2025--(BUSINESS WIRE)--Checkmarx, the industry leader in cloud-native application security for the enterprise, has published its annual research report, "A CISO's Guide to Steering AppSec in the Age of DevSecOps." Based on a survey of 200 chief information security officers (CISOs) from across diverse industries and regions, the global study uncovered key factors driving the trend for closer collaboration between development and security teams. One key finding is that 49% of CISOs say buyers now factor application security (AppSec) into purchasing decisions. In fact, in nearly half of software-based product companies, security oversight has moved outside the CISO's office entirely.

As application complexity and scale grow, driven by AI, microservices and hybrid application architectures, engineering teams are increasingly accountable for ensuring secure, scalable delivery. With faster release cycles and expanding code bases, AppSec decisions and budgets are shifting toward development teams to embed security earlier and more efficiently in the development process.

"We're witnessing a pivotal change: AppSec is now a competitive differentiator, a budget priority and a boardroom issue," said Checkmarx Chief Product Officer Jonathan Rende. "As development teams take greater ownership, CISOs must focus on governance, strategy and collaboration to keep security outcomes on track."

Key Finding: Application Security is Crucial to Purchasing Decisions
CISOs responding from industries including banking and finance, media, insurance, software, manufacturing and the public sector revealed that robust AppSec programs and practices remain a strong differentiator in their customers' buying decisions. Key data points include:
- 49% of respondents report that buyers regularly consider application security in purchasing decisions
- 24% indicated that application security is "always" a factor in those decisions
- This trend is most pronounced in Europe, where 58% of respondents report that security is "always" a factor, compared to 33% in the Asia Pacific region and only 8% in North America

The Checkmarx study also found that decision-making is becoming increasingly decentralized, with development teams more often influencing security practices and even owning budget authority. The study revealed that:
- In organizations developing software-based products, responsibility is split: 50% of organizations assign security responsibility to CISOs, while 43% move security oversight to development teams
- 56% of organizations say that most of their development teams are fully integrated with AppSec programs

Rende added, "As security responsibility migrates toward development teams, so does the funding. That's why CISOs today need to lead with influence, creating guardrails, not roadblocks."

Security's Role in the Boardroom Remains Inconsistent
The study report highlights a persistent gap in how security is communicated at the executive level. While 62% of CISOs report AppSec metrics to their board, most focus solely on vulnerability counts, with only 25% tying those risks to business outcomes like brand reputation or regulatory exposure. This disconnect underscores the urgency for CISOs to frame security in terms of business risk, a prerequisite for securing sustained buy-in at the executive level. To download the full report, visit this page.

Methodology
Performed in collaboration with Global Surveyz, researchers surveyed CISOs at organizations with annual revenues exceeding $750 million and development teams of at least 180 developers. Participants represented key sectors including banking and finance, insurance, software, technology, engineering, media, manufacturing, industrials and the public sector, spanning the United States, Canada, Western Europe and the APAC region.

About Checkmarx
Checkmarx helps the world's largest enterprises get ahead of application risk without slowing down development. More applications, faster pipelines and growing threats are all contributing to skyrocketing risk. Checkmarx helps end the guesswork in identifying the most critical issues to fix. Giving AppSec the tools they need while letting developers work the way they want, from DevOps pipelines to developer experience, Checkmarx helps security and development teams work better together, all on a unified application security platform. That's why so many enterprises rely on Checkmarx to scan over one trillion lines of code each year, see 2X ROI, and improve developer productivity on security tasks by 50%. Checkmarx. Always Ready to Run. Follow Checkmarx on LinkedIn, YouTube and X.
Yahoo
08-05-2025
- Business
- Yahoo
OX Security raises $60m in Series B funding
OX Security, an application security platform, has secured $60m in Series B funding to further develop its platform designed to pinpoint and prioritise risks in software development. The funding round was spearheaded by DTCP and saw contributions from firms including IBM Ventures, Microsoft, Swisscom Ventures, Evolution Equity Partners, and Team8. With the latest funding, the company's total capital raised now stands at $94m.

OX Security's platform is designed to support organisations in identifying and concentrating on the most critical 5% of application security risks, aiming to reduce unnecessary alerts and enhance overall risk posture. By providing evidence-based risk assessments throughout the software development process, OX Security enables development teams to address the real-world implications of vulnerabilities. Currently, OX Security's platform is used by more than 200 organisations, including Microsoft, IBM, eToro, and SoFi. The company plans to use the proceeds to advance product innovation and expand its international presence.

OX Security CEO and co-founder Neatsun Ziv said: "As AI-generated code becomes the new normal, the risks it introduces are often hidden beneath seemingly innocuous code, flaws that traditional security tools are not built to detect.

"OX is pioneering agentic code review, powered by AI and enhanced with critical thinking modules that mimic the judgment of top security engineers. By continuously modelling risk across both AI and human-generated code, we identify and prioritise the vulnerabilities that actually matter."

OX Security said that it has witnessed significant growth during the past year, achieving $10m in sales and tripling its customer base.

DTCP managing director Dean Shahar said: "OX is the precision blade that slices through the noise of endless vulnerabilities, empowering organisations to zero in on the critical 5% that truly matter.

"This is a true paradigm shift – OX's code projection and precise prioritisation finally deliver on the broken promises of legacy security tools, whose flood of alerts has become their Achilles' heel.

"As GenAI accelerates code creation beyond human scale, OX unifies fragmented AppSec solutions into a single, cohesive platform, delivering laser-sharp accuracy to secure the ever-expanding attack surface."

"OX Security raises $60m in Series B funding" was originally created and published by Verdict, a GlobalData owned brand.