Weekly AppSec Briefings

February 11, 2026
OpenClaw's 180K-Star Marketplace Was 12% Malware
AI agent platforms shipped malware and RCE exploits. Claude found 500+ vulnerabilities. Google closed its $32B Wiz deal. Governance can't keep pace.

February 4, 2026
69% of C-Suite Execs Use Shadow AI. Your Security Policy Doesn't Apply to Them. | Jan 31-Feb 4
Half of enterprise employees use shadow AI with sensitive data. 69% of C-suite executives prioritize speed over privacy. AI security tools miss what humans catch.

January 28, 2026
Claude 4.5 Executed the Equifax Breach in Hours | Jan 23-28
AI pentesting now costs $18/hour. npm says zero-days are your problem. Sonnet 4.5 can reproduce real-world breaches without customization.

January 21, 2026
AI Coding Tools Systematically Ship Security Flaws Your Scanner Won't Find | Jan 15-21
Tenzai research shows all 5 major AI coding assistants generate critical business logic flaws. Prompt injection hits Google Gemini, Microsoft Copilot, and Anthropic MCP. Europe launches the GCVE vulnerability database.

January 14, 2026
2026 Predictions + Expert Roundup | Jan 9-14
What 30 security leaders learned in 2025 and what they're watching in 2026. Plus the EU opens an SBOM consultation (Feb 3 deadline) and ZombieAgent compromises ChatGPT via emoji smuggling.

January 7, 2026
React2Shell Hit Botnets and supply chain vulns cost $ | Jan 1-7
The RondoDox botnet weaponizes React2Shell faster than patching cycles. Trust Wallet's $8.5M theft marks the first major financial attribution to a supply chain attack. Plus 10K firewalls still vulnerable to a 5-year-old CVE.
December 31, 2025
MongoBleed Exploited Christmas Morning, 87K Servers at Risk | Dec 25-31
MongoBleed exploited within hours of disclosure. OWASP releases its first Agentic AI Top 10. Plus a reality check on the real-world limitations of AI coding tools.

December 24, 2025
AI Code Ships With 2.74× More Security Flaws | Dec 19-24
CodeRabbit research: AI-generated code has 2.74× more security issues than human-written code. An npm package steals WhatsApp credentials after 56K downloads. Plus $11B in security M&A.

December 17, 2025
Five China-Nexus Groups Exploited React2Shell | Dec 13-17
Google documents coordinated nation-state exploitation. The UK government says prompt injection can't be fully mitigated. Microsoft expands bug bounties to all third-party code.

December 10, 2025
When the Patch Causes an Outage - React2Shell Broke Cloudflare, Shopify, Zoom | Dec 6-10
React2Shell will be fixed because it has visibility, urgency, and buy-in. Your backlog of medium-severity CVEs will not.

December 3, 2025
98% of Companies Deploy AI Agents, 79% Have No Security Policy | Nov 27 - Dec 3
98% of enterprises deploy AI agents but 79% have no written security policies. Fragmented tooling creates a 4-week MTTR for critical vulnerabilities. AI coding tools are becoming attack surfaces. $190M+ in funding validates automated remediation.

November 26, 2025
npm Worm, CISA Deadlines, and the AI Productivity Question
25,000 npm packages compromised in one week. CISA's December 12 deadline for Oracle Identity Manager. A DevOps analysis questions whether AI coding velocity translates to actual productivity.
November 19, 2025
Attackers Automated 90% of Operations with Claude AI | Nov 15-19
Chinese state-sponsored actors automated 90% of cyberattack operations using Claude AI while 30,000 EU organizations face December NIS2 compliance deadlines. Seven zero-days under active exploitation demonstrate the ongoing response-velocity gap.

November 12, 2025
50% of CISOs Report Security Burnout. GitHub Copilot Reports First CVE
50% of CISOs report burnout affecting breach preparedness while 80+ critical CVEs landed in one week. Operational capacity hits the wall as teams drown in alerts and patch volumes exceed human triage capacity.

November 5, 2025
Aardvark Validates Automated Remediation while AI Tools Expose New Risks
OpenAI's Aardvark validates the automated remediation market while AI platforms expose critical security flaws. The OWASP conference agenda signals an industry shift from detection to remediation.

October 29, 2025
AI Writes Code Faster Than Security Teams Can Fix It
AI code generation outpaces remediation capacity, with 76% of security teams struggling. Five critical CVEs exploited, 3,000+ MCP servers breached.

October 17, 2025
Nation-State Attacks Expose the Limits of Reactive Security
Nation-state actors stole F5 source code to build zero-days before patches exist. Adobe AEM exploitation outpaces patch cycles. Weekly intelligence.

October 8, 2025
Pre-Patch Exploitation Era Begins
Attackers exploit Oracle zero-days two months before patches exist. AI coding tools accelerate production while security teams struggle with manual triage.

Pixee's Pledge to Open Source

The Battle of AI Wrappers vs. AI Systems

Why General Security Copilots Might Not Work in Enterprise AppSec

Time-to-Exploit Has Collapsed. Has Your Remediation Strategy?

Why AI Can't Audit Its Own Code: Replit's Research on Deterministic Security

CVE Had a Near-Death Experience. Europe's Response: Build Their Own.

92% of Security Teams Are Prioritizing Vulnerabilities Wrong (And the Data Proves It)

The $2.4 Million Blind Spot: Why Your Security Automation ROI Calculator Is Wrong

Google, Microsoft, Anthropic: Same Week, Same Attack, Same Blind Spot

Every Layer of Your Dev Stack Is Now an Attack Vector

78% of Security Alerts Go Uninvestigated: The Silent Risk Accumulation

Six Zero-Days, One Refusal: How npm Created Two-Tier JavaScript Security

When Half Your Security Leaders Are Too Burned Out to Protect You

What Security Leaders Learned in 2025 (And What They're Watching in 2026)

The Find but Never Fix Crisis: The Math Breaking AppSec Teams

Why You Shouldn't Buy a Security Product in Response to React2Shell

Why Purpose-Built Security Remediation Produces Higher Quality Fixes

The AppSec Maturity Model: Where Does Your Organization Fit?

User Spotlight: Stirling-PDF

User Spotlight: ResumeBoostAI

The Illusion of Progress: Why Prioritization Alone Won't Make Us Safer

Top 10 Things We Learned From Reading 35 AppSec Reports: Why Teams Are Drowning in Triage, Not Fixes

The AppSec Maturity Model: From Detection to Resolution

The Agentic AI Governance Gap: A Strategic Framework for 2026

The AI Remediation Imperative: Why Detection Isn't Enough for OWASP Agentic AI in 2026

Pixee's Approach to Security Focused UX and Design

The $19M Paradox: Why Security Spending and Security Debt Both Keep Rising

The 2.74× Problem: New Data Shows AI Code Ships With Nearly 3× More Security Flaws

Q4 2025 Retrospective: 10 Stats That Defined the Quarter in AppSec

React2Shell: The Next Struts2-Style Bug Parade?

That Time Our Own Security Tools Came to the Rescue

Pixee announced winner of the 2023 Santander X Global Challenge

Pixee wins 2024 DEVIES Best Innovation in AppSecOps award

Machine-Speed Triage: The Three Intelligence Types Security Needs Now

Pixee CTO Arshan on The Daily Tech Talks Podcast

From Systems of Detection to Systems of Decision: AppSec's Next Frontier

Introducing Pixee for SCA

Managing Pixeebot Activity with the New User Dashboard

More Isn't Always Better, But AI Makes That Irrelevant

$1.88M/Year on Triage Labor: The Hidden Cost Your AppSec Team Won't Tell You

Just Fix It.

How to Secure the 77% of Code You Didn't Write

From 2,000 Alerts to 50 Fixes: The Triage Automation Playbook

How to Reduce Your Security Backlog: 4-Step Plan to Cut Vulnerabilities

Google CodeMender just validated autonomous patching. Enterprise readiness takes more.

From 'Block Everything' to 'Respond Fast': The CISO's New Playbook for AI Security

Breaking down the Node.js sandbox bypass CVE-2023-30587

8 Forces Making On-Premises AI Remediation Urgent Now

Enhancing Product Security through Developer-Security Team Collaboration

DefectDojo and Pixee Partner to Realize the Potential of DevSecOps

77% of Your Code Came From Somewhere Else. Now What?

8 Forces Pushing Enterprises Back to On-Premises AI Security

Beyond the Black Box: How Pixee Validates AI-Powered Vulnerability Triage

81% Ship Vulnerable Code. The Problem Isn't Negligence—It's Capacity.
