Ressourcen

AppSec Governance Playbook: Building Guardrails for AI-Accelerated Development

Intercepting AI Risk: The Secure at Inception Workflow

In several videos reviewing models outputs for security with Snyk we point out how the dependencies they choose can sometimes be problematic (like with csurf).

GLM 4.7 vs. The Giants: Is This the New King of AI Coding?

Can a lesser-known model compete with the likes of OpenAI, Google, and Anthropic? In this video, we put Z.ai’s GLM 4.7 to the ultimate test.

Testing MiniMax M2.1 for AI Coding: The Results Might Surprise You

Can "lesser-known" AI models actually keep up with the giants like Google, OpenAI, and Anthropic? In today’s video, we put MiniMax M2.1 to the ultimate test: building a production-ready, secure Node.js note-taking application from a single prompt.

How AI Agents Still Break Security When Nothing Is Broken

AI agents can fail security without any bugs or vulnerabilities. Learn why agent behavior breaks trust boundaries and how threat modeling mitigates risk.

AI Agents Don’t Ask Permission: Building an AI-BOM for Visibility & Control

Watch this hands-on session to learn how to generate an AI-BOM and secure your AI-native apps.

4 Reasons Why Dynamic Security Testing Is Critical For All Your Assets

Attackers don't just target your crown jewels; they look for the weakest link in your entire application footprint. Limiting dynamic security testing to tier-one apps leaves dangerous blind spots across forgotten APIs and internal tools. Discover why universal DAST is critical for modern risk management and how it helps teams uncover hidden vulnerabilities before they become entry points for a breach.

Inside the 'clawdhub' Malicious Campaign: AI Agent Skills Drop Reverse Shells on OpenClaw Marketplace

Snyk security researchers have uncovered the clawdhub malicious campaign targeting the ClawHub AI marketplace with Trojanized skills that drop reverse shells. This sophisticated attack uses social engineering and obfuscated scripts to compromise hosts via AI agent capabilities on Windows and macOS. Learn how to identify these threats and secure your AI supply chain against evolving agentic workflow risks.

2026 State of Agentic AI Adoption

From SKILL.md to Shell Access in Three Lines of Markdown: Threat Modeling Agent Skills

Discover the lethal trifecta of AI agent security risks. Learn how malicious OpenClaw Skills and supply chain attacks like ClawHavoc put your data at risk. Threat model your AI agents and secure them with Snyk Evo.

From Shift Left to Secure at Inception: The Evolution of AppSec in the Age of AI

From First Prompt to Final Fix: How Snyk Secures AI-Driven Development

Your Clawdbot (OpenClaw) AI Assistant Has Shell Access and One Prompt Injection Away from Disaster

Is your personal AI assistant secure? Dive into the agentic security risks of Clawdbot: prompt injection, supply chain, and network exposure. Discover Snyk's tools to secure your agents.

DAST vs RASP: Understanding the Differences in Application Security

Understand the critical differences between DAST and RASP to build a robust application security strategy. This guide explores how DAST proactively identifies vulnerabilities before deployment while RASP provides real-time protection during runtime. Learn how to leverage both technologies to create a layered defense for your modern software stack.

Unifying Control for Agentic AI With Evo By Snyk

OWASP AI Exchange: a practical, “one-stop” guide to securing AI (not just GenAI)

The OWASP AI Exchange is a comprehensive open source guide for securing all AI systems, bridging the gap between traditional AppSec and modern machine learning threats. Use this practical resource to implement the G.U.A.R.D. starter plan and scale your AI security program with confidence.

Building and Operating an AI-BOM: Discover, Assess, and Govern Your AI Assets

A New Era for AI Coding? GPT 5.2 vs. Security Vulnerabilities

The End of Human-Speed Security: Defense in the Age of AI Agents

Discover why 97% of security leaders are calling for AI security mandates and how to bridge the gap between autonomous AI adoption and machine-speed defense.

DAST in CI/CD Pipelines: Integration Strategies and Best Practices

Learn how to integrate Dynamic Application Security Testing (DAST) into your CI/CD pipelines to identify runtime vulnerabilities and environment-specific flaws. Explore proven strategies for automating scans, managing false positives, and balancing security rigor with development speed. Discover why combining SAST and DAST is essential for building a robust, developer-first security posture in modern DevSecOps environments.

5 Benefits of Using SAST and DAST Together

Discover why combining SAST and DAST is essential for comprehensive application security, from early code analysis to runtime validation. By integrating both methodologies, teams can reduce false positives, lower remediation costs, and automate security within CI/CD pipelines. Learn how to bridge the gap between development and security to build faster and more securely.

When AI Goes Off-Script: Managing Non-Deterministic Risk | Snyk

Building Secure MCP Servers: A Developer's Guide to Avoiding Critical Vulnerabilities

Cloud Network Security: Best Practices & Essential Strategies for Protecting Modern Cloud Infrastructure

Modern cloud security requires moving beyond traditional perimeters to embrace Zero Trust, AI-driven threat detection, and quantum-safe encryption. This guide outlines essential strategies for mitigating misconfigurations and managing the shared responsibility model. Learn how to automate your incident response to stay ahead of evolving DDoS and AI-weaponized attacks.