DEV Community: Maria

Join Our Webinar: SAST Isn’t Enough! Why Runtime Is Where Risk Lives

Maria — Tue, 24 Mar 2026 10:12:03 +0000

Most teams rely on static analysis to catch vulnerabilities. But here’s the problem: many issues don’t exist until your app actually runs.

Code looks safe. Dependencies look clean. Pipelines pass… and still, vulnerabilities show up in production.

Because real risk = behavior, not just code. So what’s missing?

You need both perspectives:

SAST → what’s in your code
DAST → how it behaves at runtime

Only together do they show what’s actually exploitable.

We’re breaking this down live

Why static analysis alone leaves blind spots
What vulnerabilities only appear at runtime
How to prioritize real risk (not just alerts)

📅 April 7 — 17:00 (CEST)
👉 https://www.linkedin.com/events/7442142589463519232/

Modern AppSec isn’t about more scans. It’s about a better context.

Fix smarter, not more

Maria — Tue, 24 Mar 2026 10:05:39 +0000

Most teams today don’t struggle to detect vulnerabilities—they struggle to prioritize them effectively. With signals coming from SAST, SCA, secrets, and CI/CD tools, the real challenge is understanding what actually matters: what’s exploitable, what’s reachable, and what can be fixed safely without breaking workflows. Instead of relying only on severity, teams are moving toward risk-based remediation, combining context, exploitability, and stability while reducing noise and automating fixes through PRs. If you’re dealing with alert fatigue or slow remediation cycles, this checklist is a good starting point → https://go.xygeni.io/ai-driven-remediation-risk-prioritization-checklist

Fixing vulnerabilities isn’t the hard part. Choosing the right ones is.

Maria — Mon, 23 Mar 2026 12:21:45 +0000

AI Is Writing Your Code. Who’s Reviewing the Security?

Maria — Thu, 26 Feb 2026 15:16:48 +0000

AI copilots like GitHub Copilot and Cursor can generate production-ready code in seconds, and autonomous agents can refactor entire modules without human review. Development velocity has never been higher—but neither has the risk surface.

Most teams still rely on CI-only security scanning, which detects vulnerabilities after code is merged, when fixing issues is slower, riskier, and more expensive.

In this live session 𝐕𝐢𝐛𝐞 𝐂𝐨𝐝𝐢𝐧𝐠 𝐖𝐢𝐭𝐡𝐨𝐮𝐭 𝐑𝐞𝐠𝐫𝐞𝐭: 𝐒𝐞𝐜𝐮𝐫𝐢𝐧𝐠 𝐂𝐨𝐩𝐢𝐥𝐨𝐭𝐬 𝐚𝐧𝐝 𝐀𝐈 𝐀𝐠𝐞𝐧𝐭𝐬 𝐟𝐫𝐨𝐦 𝐭𝐡𝐞 𝐈𝐃𝐄, we’ll show how security can move into the IDE, where AI-generated code is actually created. You’ll see how to detect vulnerabilities in real time as you code, validate reachability before merge, apply guardrails to Copilot and AI-generated changes, and safely remediate issues with AI-assisted fixes.

We’ll also run a live demo securing Copilot and agent-based workflows end-to-end.

If you’re using Copilot, Cursor, or any AI coding tools—and pushing code to production—this session will help you avoid shipping vulnerabilities at AI speed.

📅 March 11, 2026
🎥 Live demo included
👉 Register here: https://www.linkedin.com/events/7432784645383110656/

EU Cyber Resilience Act in Practice Webinar

Maria — Wed, 04 Feb 2026 10:29:33 +0000

𝐄𝐔 𝐂𝐲𝐛𝐞𝐫 𝐑𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐜𝐞 𝐀𝐜𝐭 (𝐂𝐑𝐀): 𝐰𝐡𝐚𝐭 𝐢𝐭 𝐚𝐜𝐭𝐮𝐚𝐥𝐥𝐲 𝐦𝐞𝐚𝐧𝐬 𝐟𝐨𝐫 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐞𝐫𝐬?

If you’re building software products in the EU, the Cyber Resilience Act is no longer just a compliance topic; it directly impacts how you design, build, and maintain software.

In this practical Webinar 𝐄𝐔 𝐂𝐲𝐛𝐞𝐫 𝐑𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐜𝐞 𝐀𝐜𝐭 𝐢𝐧 𝐏𝐫𝐚𝐜𝐭𝐢𝐜𝐞, we’ll break down:

What the CRA really requires from development teams
How those requirements translate into concrete AppSec activities
How OWASP SAMM can be used as a practical framework to structure secure development without reinventing your SDLC

This is not a legal overview. It’s a technical, execution-focused session for developers, AppSec, and DevSecOps teams who need to turn regulation into real engineering work.

🎙️ Led by Nariman Aga-Tagiyev, Cybersecurity Architect & OWASP SAMM Core Team member.

Join if you want a clear, developer-friendly path from CRA requirements to actionable security practices https://www.linkedin.com/events/7424751762282143744/

AI Didn’t Just Change Development,It Changed How AppSec Breaks

Maria — Tue, 20 Jan 2026 12:39:14 +0000

AI is now deeply embedded in how software is written, tested, and shipped.
But most application security models are still designed for a world where humans wrote the code and pipelines moved slowly.

That gap is now being actively exploited. In 2025, attackers didn’t need zero-days. They abused:

Automation and trusted CI/CD pipelines
AI-generated code that “looks fine” in review
Inherited trust across dependencies, builds, and artifacts

Once malicious logic entered a trusted workflow, systems did the rest, at machine speed. We just released a new research report, New Application Security Attack Trends for 2026, that breaks down what actually changed and why many traditional AppSec signals failed.

What’s inside:

💠How AI changed the economics of software supply chain attacks
💠Why CVEs and static analysis missed trust-based, workflow-driven attacks
💠How persistence shifted from access to build artifacts and outputs
💠What attackers optimized in 2025 — and will keep optimizing in 2026
💠Why AppSec must move from issue lists to system-level control of execution and trust

This isn’t about running more scans. It’s about understanding how risk propagates when AI and automation are part of the execution path.

📘 Read the full report!

Software Supply Chains Under Pressure: Lessons from 2025 on Malware and AI

Maria — Wed, 07 Jan 2026 11:27:36 +0000

2025 marked a turning point for software supply chain security. AI-assisted malware, self-propagating attacks, and large-scale trust abuse changed how compromises move through dependencies, registries, and CI/CD pipelines.

In this LinkedIn Live SafeDev Talk, practitioners break down what actually changed in 2025, why familiar assumptions no longer hold, and what development and security teams need to adapt in 2026.

Join us!

📅 𝐉𝐚𝐧𝐮𝐚𝐫𝐲 𝟐𝟎𝐭𝐡 | 🎥 𝐋𝐢𝐧𝐤𝐞𝐝𝐈𝐧 𝐋𝐢𝐯𝐞

We hope to see you there!

New Threats in Open Source

Maria — Mon, 15 Dec 2025 11:25:54 +0000

The open source ecosystem has just crossed a new red line: we’re no longer dealing with “simple” malicious packages, but with self-spreading worms, AI-orchestrated attacks, and large-scale abuse of OSS infrastructure happening simultaneously.
Luis Rodríguez (Co-Founder & CTO at Xygeni Security) examines how Shai-Hulud and Shai-Hulud 2.0 turned npm into a worm-friendly propagation network, jumping even into Maven Central, how GlassWorm hid executable JavaScript in invisible Unicode with a blockchain-backed C2 and full RAT capabilities, how a real-world espionage campaign used an LLM as the primary operator for reconnaissance, exploitation, and exfiltration, and how massive spam waves like IndonesianFoods exploited funding systems and polluted registries at unprecedented scale.
This isn’t theoretical anymore: every developer machine is now a potential worm propagation point, and every stolen token a lateral-movement catalyst. Dive into the full article “New Threats to the Open Source Ecosystems: Worms, AI-Cooked Malware, and Large-Scale Trust Abuse” to understand where supply chain threats are heading—and what must change in our defensive strategies.

𝐁𝐮𝐢𝐥𝐝 𝐒𝐚𝐟𝐞, 𝐒𝐡𝐢𝐩 𝐒𝐭𝐫𝐨𝐧𝐠.

Open Source, AI and the New Attack Surface - Webinar

Maria — Thu, 13 Nov 2025 09:03:35 +0000

🚀 𝐒𝐚𝐟𝐞𝐃𝐞𝐯 𝐓𝐚𝐥𝐤: 𝐎𝐩𝐞𝐧 𝐒𝐨𝐮𝐫𝐜𝐞, 𝐀𝐈 & 𝐓𝐡𝐞 𝐍𝐞𝐰 𝐀𝐭𝐭𝐚𝐜𝐤 𝐒𝐮𝐫𝐟𝐚𝐜𝐞: 𝐖𝐞𝐚𝐩𝐨𝐧𝐢𝐳𝐞𝐝 𝐂𝐨𝐝𝐞, 𝐒𝐦𝐚𝐫𝐭𝐞𝐫 𝐃𝐞𝐟𝐞𝐧𝐬𝐞𝐬
Join experts from Red Hat, TikTok, and Xygeni for a live discussion on how to stay resilient in this new landscape.

🗓 When: 𝐍𝐨𝐯𝐞𝐦𝐛𝐞𝐫 𝟐𝟔𝐭𝐡
⏰ Time: 𝟏𝟐:𝟎𝟎 𝐄𝐃𝐓 / 𝟏𝟖:𝟎𝟎 𝐂𝐄𝐒𝐓
🎙 Speakers:

Roman Zhukov: Security & Privacy Leader, Red Hat

Leon Johnson: Offensive Security & Privacy Lead, TikTok

Luis Rodríguez Berzosa: CTO, Xygeni

If you’re building or securing software, this one’s for you.
Register here and join the conversation.

The Rise of AIO Application Security Platforms

Maria — Wed, 29 Oct 2025 10:41:10 +0000

𝐃𝐨 𝐲𝐨𝐮 𝐤𝐧𝐨𝐰 𝐰𝐡𝐲 𝐓𝐨𝐨𝐥 𝐒𝐩𝐫𝐚𝐰𝐥 𝐢𝐬 𝐊𝐢𝐥𝐥𝐢𝐧𝐠 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲?
Modern engineering teams move fast. Security? Too often, it slows everything down.

Not because AppSec isn't important, but because AppSec has become complicated: Multiple scanners. Multiple dashboards. Duplicate alerts.
Noise everywhere, and real risks get buried.
Sounds familiar?

🔥 𝐓𝐡𝐞 𝐀𝐩𝐩𝐒𝐞𝐜 𝐏𝐫𝐨𝐛𝐥𝐞𝐦 𝐍𝐨 𝐎𝐧𝐞 𝐖𝐚𝐧𝐭𝐬 𝐭𝐨 𝐀𝐝𝐦𝐢𝐭
Developers are drowning in:

💠Alert fatigue
💠Repeated findings across tools
💠Disconnected vulnerability data
💠Manual tickets for every tiny issue
💠Tools that don’t integrate into workflows

Security wants stronger coverage. Engineering wants fewer blockers.
Leadership wants risk down without slowing delivery.

Current tool chains usually don’t solve that tension; they create it.

𝐓𝐡𝐞 𝐍𝐞𝐰 𝐀𝐩𝐩𝐫𝐨𝐚𝐜𝐡: 𝐀𝐈𝐎 𝐀𝐩𝐩𝐒𝐞𝐜 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦𝐬
Teams are shifting from scattered tools → to unified platforms that cover:

💠SAST
💠SCA
💠IaC scanning
💠Secrets detection
💠SBOM & Supply Chain security
💠ASPM visibility
💠AI-assisted remediation workflows

𝐎𝐧𝐞 𝐩𝐥𝐚𝐜𝐞. 𝐎𝐧𝐞 𝐭𝐫𝐮𝐭𝐡. 𝐎𝐧𝐞 𝐩𝐢𝐩𝐞𝐥𝐢𝐧𝐞.

This is where AppSec finally starts working with developers, not against them.

𝐖𝐡𝐚𝐭’𝐬 𝐃𝐫𝐢𝐯𝐢𝐧𝐠 𝐭𝐡𝐞 𝐒𝐡𝐢𝐟𝐭?
Here are the trends shaping the future:

𝐀𝐈 𝐅𝐢𝐱 𝐒𝐮𝐠𝐠𝐞𝐬𝐭𝐢𝐨𝐧𝐬 & 𝐑𝐢𝐬𝐤 𝐒𝐜𝐨𝐫𝐢𝐧𝐠
No more guessing. Focus on the vulnerabilities that actually matter.
𝐀𝐮𝐭𝐨𝐦𝐚𝐭𝐢𝐨𝐧 𝐛𝐲 𝐃𝐞𝐟𝐚𝐮𝐥𝐭
Policy enforcement, alert routing, and remediation SLAs are handled automatically.
𝐑𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐲 𝐏𝐫𝐞𝐬𝐬𝐮𝐫𝐞 𝐈𝐬 𝐑𝐢𝐬𝐢𝐧𝐠
DORA, NIS2, SEC rules → require traceable security from code → prod.
𝐆𝐨𝐯𝐞𝐫𝐧𝐚𝐧𝐜𝐞 𝐁𝐮𝐢𝐥𝐭 𝐈𝐧𝐭𝐨 𝐃𝐞𝐯𝐎𝐩𝐬
Security becomes the system, not an afterthought.

This isn’t a tool upgrade, it’s a mindset shift for the entire software lifecycle.

Grab our Free Ebook! We put together a full breakdown of this evolution:

➡️ 𝐓𝐡𝐞 𝐑𝐢𝐬𝐞 𝐨𝐟 𝐀𝐈𝐎 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦𝐬
How to simplify AppSec, eliminate alert fatigue, and actually improve delivery speed.

💥 Join our New SafeDev Talk - AI Unleashed: Navigating Emerging Threats and Defenses in Application Security

Maria — Fri, 10 Oct 2025 07:28:34 +0000

Artificial Intelligence is transforming Application Security (AppSec), powering both next-generation attacks and cutting-edge defenses.
From polymorphic malware and AI-crafted injections to runtime model tampering and prompt injection exploits, the AppSec landscape is changing fast. Join us for a session where we’ll explore how AI is reshaping the security battlefield, and what you can do to stay ahead.

Event Details:

📅 Date: October 22nd
⏰ Time: 16:00 (CEST) / 10:00 (EDT)
🎥 Format: Live on LinkedIn

🎙 Speakers:
Atanas Nikolov — DevSecOps Expert, Cybersecurity Program Alumni @ RNDC Bulgaria
Jesús Cuadrado — CPO @ Xygeni

🔗 Register now to secure your spot → https://www.linkedin.com/events/aiunleashed-navigatingemergingt7382047771396104192/

Some of the Things that you May Learn:

🔹 Emerging AI-driven threats: polymorphic malware, model tampering, and prompt injection attacks
🔹 AI-powered defenses: smarter vulnerability detection and real-time threat mitigation
🔹 How to secure AI components within your applications and CI/CD pipelines
🔹 Integrating AI threat awareness into security policies and developer workflows
🔹 Practical steps to future-proof your AppSec strategy

AI is no longer just a tool: it’s a new attack surface and a new defense frontier.
This session will help you navigate that duality with confidence and clarity.

➡ Register Now for the Live Event

𝐔𝐩𝐜𝐨𝐦𝐢𝐧𝐠 𝐖𝐞𝐛𝐢𝐧𝐚𝐫: 𝐀𝐈 𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐀𝐮𝐭𝐨𝐦𝐚𝐭𝐢𝐨𝐧!

Maria — Mon, 22 Sep 2025 13:38:22 +0000

AppSec folks: feeling overwhelmed by noise and manual triage?
Dev teams: tired of security slowing you down? Let’s fix that!

We’re hosting a hands-on webinar to show how AI can automate application security and deliver real, dev-friendly auto-remediation.

What You'll See:

💠Secrets, OSS vulns, and code issues auto-fixed in seconds
💠How to focus on real risks using EPSS & reachability
💠Auto-generated PRs with safe fixes (no more manual patching)
💠CI/CD guardrails that help, not hinder
💠Practical steps to secure every commit and pull request

📅 Event Details:
Date: October 8
Time: 17:00 CEST / 11:00 EDT
Where: Live on LinkedIn

🎥 Can’t make it live? Register to get the replay!

👉 Register here: https://www.linkedin.com/events/7375842799042248704/

Let’s turn security into a speed advantage!