Ressources

Inside StegaBin: How a DPRK Steganography Campaign Generated Headlines

North Korean hackers published 26 malicious npm packages using Pastebin steganography for C2. It made headlines everywhere. We checked the data: zero real-world impact. Here's what the campaign actually did, and what it tells us about the real risk of malicious package campaigns.

CVE-2026-29000: How a Public Key Breaks Authentication in pac4j-jwt

CVE-2026-29000 is a CVSS 10.0 authentication bypass in pac4j-jwt that lets attackers forge admin tokens using only the server's RSA public key. Learn how the vulnerability works, whether you're affected, and how to fix it.

I Asked Gemini 3.1 Pro to Build a Secure App... Then I Scanned It for Vulnerabilities.

AI Radar: February Edition

Earn CPE credits! Each session provides a deep dive into real-world issues and offers actionable insights to safeguard your applications. We bridge the gap between traditional security and the new frontier of AI-native applications, ensuring your team can innovate without compromise.

Accelerating Public Sector Modernization with Secure AI-Driven Migration

Learn how generative AI accelerates legacy application migration for the public sector—and how Snyk secures AI-generated code, dependencies, containers, and cloud infrastructure from code to cloud.

AI on the Radar: Securing AI Driven Development

DAST vs. Penetration Testing: 5 Key Differences

Deciding between DAST and penetration testing is vital for securing modern APIs and microservices. Learn how to combine these methodologies to build a robust, layered security strategy that protects your entire application portfolio.

Top 8 Claude Skills for UI/UX Engineers

Explore the top Claude Skills transforming UI/UX engineering by automating repetitive tasks like accessibility audits and component scaffolding. Discover how to streamline your workflow and focus on the creative decisions that truly matter.

Top 8 Claude Skills for Developers

From Manus-style task planning to Terraform code generation and Core Web Vitals optimization, these 8 Claude Skills give developers repeatable AI-powered workflows for real engineering work.

Six Principles for Rethinking DevSecOps for AI

The 6 factors are: Developer-First AI Security, Secure AI by Design, Shared AI Accountability, Automated AI Security, AI-Specific Intelligence, and AI Governance & Continuous Improvement

Cursor Composer 1.5 vs 1.0: What’s Actually Changed?

Your AI "Skills" Are the New Agentic Attack Surface

As AI moves beyond simple chat to autonomous execution, the skills powering these agents have emerged as a dangerous new attack surface. Learn how to protect your organization from malicious AI agent tools while maintaining development velocity in the age of agentic workflows.

Anthropic Just Launched Claude Code Security. Here's Why That's Great News for the Industry

Anthropic's launch of Claude Code Security is sparking headlines about the end of traditional security, but the real story is about the shift from detection to automated remediation. This move validates a layered security approach that combines AI reasoning with deterministic analysis to protect the modern software supply chain.

Building Safer AI Agents with Structured Outputs

Learn how structured outputs help developers build safer, more reliable AI agents by enforcing strict schemas during token generation. Discover the essential frameworks and security tools needed to move your AI agents to an enforcement-based production environment.

Top 8 Claude Skills for Finance and Quantitative Developers

Quantitative finance is evolving as algorithmic traders shift from AI skepticism to practical automation using Claude Skills. Learn how to leverage the latest Claude Skills and security best practices to reclaim mental bandwidth for high-level financial judgment.

Can You Trust AI Code? I Built a Scanner to Find Out

Can you trust the code AI generates? In this video, we build a custom AI Security Benchmarking tool to put models like Gemini, Mistral, and GLM 4.5 to the test.

I Built a Production-Ready App in 20 Minutes with Claude Opus 4.6

My boss dropped a bombshell at 4:00 PM: build a secure, production-ready app from scratch by tomorrow morning. Instead of panicking, I put Claude Opus 4.6 to the test.

GPT-5.3 Codex vs. Claude Opus 4.6: Which AI Builds Apps Better?

Can OpenAI’s new GPT-5.3 Codex take the crown from Anthropic’s Opus 4.6? In this video, I put Codex to the test by rebuilding the same app I recently tackled with Opus 4.6.

The AI Security Crisis in Your Python Environment | Snyk

SAST vs. DAST vs. IAST vs. RASP: Understanding Application Security Testing Methods

Navigate the key differences between SAST, DAST, IAST, and RASP. This guide explains how to integrate these testing methods throughout the software development lifecycle to eliminate blind spots and block real-time attacks.

BOLA: The API Vulnerability Hiding in Plain Sight

Discover why Broken Object Level Authorization (BOLA) is the #1 OWASP API risk. Learn why traditional testing tools fail to test this "hidden" flaw properly and how Snyk’s AI-powered DAST provides the context needed to stop data breaches.

AppSec Governance Playbook: Building Guardrails for AI-Accelerated Development

Intercepting AI Risk: The Secure at Inception Workflow

In several videos reviewing models outputs for security with Snyk we point out how the dependencies they choose can sometimes be problematic (like with csurf).

GLM 4.7 vs. The Giants: Is This the New King of AI Coding?

Can a lesser-known model compete with the likes of OpenAI, Google, and Anthropic? In this video, we put Z.ai’s GLM 4.7 to the ultimate test.