Salt Security has been attending some super cool events lately! Our amazing teams are looking great while talking about AI API security, and connecting with cyber professionals and partners all around the globe 🌐 Including (not all pictured): Afrika DevSec Day, Crowdtour Buenos Aires, Crowdtour Istanbul, Cybersecurity Summit, Fireside Chat Sunset Rooftop Dinner, Gartner SRM. Check out our events page to see where in the world we'll be next: salt.security/events?utm_med…
Replying to @yannaarose_
Now let me gone look up how to pivot from data analyst to Devsec😫😭
InvoZone with ATech Skills hosted the DevSec AI Summit, where innovators, learners & leaders came together to share struggles, exchange ideas, and inspire each other. Proof that AI for all starts with human stories.
I understand the debate between Cursor, ClaudeCode and Github Copilot. But I am focused on security. So what may be best for a Dev is not necessarily best for an Analyst/DevSec. I need model availability and the ability to orchestrate simple agents for specific tasks and, if possible, the ability to create fixes. That said. Don't forget that the perfect is the enemy of the good, and while many wait for magical (or mythical) solutions, the turtle is getting away from them.
As CEO of InvoZone, hosting the DevSec AI Summit with ATech Skills was a deeply human experience. It proved one thing: AI is for all!
Black Duck is proud to be the Gold Sponsor at the 3rd Edition India DevSec Show 2026 in Mumbai. Check out our booth for the Black Duck Polaris™ Platform, where we integrate AppSec to match the speed of AI-powered development. #BlackDuck #IndiaDevSecShow
Taking a short break. Been practicing guitar for 4 hours straight. Grab a bite to eat and then head on over to online college class and complete the assignments. Class isn't hard. You do have to have a background in DevSec for it to make sense. At least the theory part. Solid SDLC practices. Then the class is a breeze. My issue? I hate writing papers. So we wait for Sunday to arrive. Peruse the reading from the textbook. Do the paper during the daylight hours. Wake up around 3 am and conclude the discussion board work. Before the 9 am time limit. By the time all of this is done. Work on getting my website out there for short and simple software projects for orgs around the U.S. Post at least 5 job applications tailored toward their requirements. Wish me luck. I am bored of side hustling as a DoorDasher.
Episode #2 of DevSec Station is out! Listen on any podcast platform or watch here: twp.ai/bWVy9L twp.ai/NSWEZ9
May 24
Supply Chain Attacks are one of the biggest threats to developers right now. Most breaches don’t come from your code — they come from the packages you import. Your project is only as secure as its weakest dependency. Daily habits that actually help: 1. Review transitive dependencies regularly 2. Use lockfiles religiously 3. Scan before every deploy 4. Prefer pinned versions for critical libs. What’s one supply chain security practice you follow (or wish you started)? Share below 👇 #Cybersecurity #DevSec #Programming
AI is writing more code than ever. And it's leaking credentials at twice the rate of humans. 28 million secrets were exposed on GitHub in 2025 alone. 64% of those from 2022 are still valid today - sitting in public, waiting to be exploited. The problem isn't just AI. It's that teams are shipping faster than they're securing. Detection isn't enough. Security has to be part of the workflow from day one. #Web3Security #CyberSecurity #AICode #DevSec
160 npm packages. Developer credentials on the dark web. Rotate AWS GitHub tokens NOW if you used @tanstack on May 11 (19:20-19:42 UTC). decryptiondigest.com #CyberSecurity #npm #SupplyChain #DarkWeb #DevSec #GitHub
This clip looks at a common but incomplete way teams approach supply chain risk. It may feel like enough at first glance, but effective security needs more than simply checking the box. Watch the full episode at DevSec Station to learn about the best way to deal with this. twp.ai/Ilpu9Q
#The real post: For several years, I built applications as a full-stack developer. I even did the #100DaysOfJs lnkd.in/dM3PJqP8 back then. But there was always one field that fascinated me in parallel: cybersecurity. This year I decided to take the plunge. I am pursuing an #Executive #Master #Cyber #Security #Specializations, and I am taking on a new challenge: #100DaysOfCyber 🔐 #100 days to share what I learn: concepts, tools, write-ups, resources... With an angle that is close to my heart: #showing how development and cybersecurity complement each other, not how they oppose each other. #A dev who understands security. #A pentest who understands code. If you want to take up the challenge too, let me know. @PamIbrahimaBaba @_makh0u #RenameIT #CyberSecurity #Pentesting #100DaysOfCyber #InfoSec #DevSec
I spent years in full-stack dev. Now I'm diving into cybersecurity. I'm launching #100DaysOfCyber 🔐 Dev Security. In public. If you want to take up the challenge too, let me know linkedin.com/posts/mahmoudba…
A lot of developers are not making bad choices. They’re making normal choices in systems that are easy to abuse. This example shows exactly how that can happen. Take a look, and watch the full episode at DevSec Station to learn how to prevent this. twp.ai/Ilpu9C
The sneakiest supply chain attacks are not loud. They are boring-looking, easy to miss, and often invisible at first. Which is honestly what makes them so effective. Watch the full episode at DevSec Station to learn more. twp.ai/Ilpu8Z
Huge thanks to @shehackspurple and Ray for the amazing book stream. My question on AI threats (particularly Claude Mythos) was taken and I got a very interesting take. It is indeed true that we must raise our level in devsec unless we're just f***king around.. the AI isn't going away 🫴
🚨 Emergency DevSec Station Drop
There's an active npm supply chain attack happening right now. Compromised packages are stealing SSH keys, AWS credentials, GitHub tokens, browser passwords, and crypto wallets on install. Then using your publish token to infect every package you maintain. One command can protect you immediately:
npm config set ignore-scripts true
Do it today, please. Tell your team. Watch the full 60 seconds. Video link: twp.ai/IlpPcP #AppSec #SupplyChainSecurity #DevSecOps #SecureCoding #npm
Supply chain attacks are not just “someone hacked a package” anymore. The game keeps changing, and if we still think about this the old way, we’re already behind. Watch the full episode at DevSec Station for the breakdown. twp.ai/IlpuAP
Three agents, one shared service key, and a bad write to the wrong database at 11pm. The engineering team spent four hours narrowing it down - not because the logs were missing, but because every agent looked identical in them. No separate identity. No scope boundaries that were checked before execution. No signed record tied to a specific agent at write time. That is not a tooling gap. That is a category that does not exist yet in most stacks - and the teams that build it in first stop having that four-hour conversation. cyphrex.io #AgentSecurity #AIAgents #DevSec #agenticai #llmagents
What does a regulated team do when the control framework can't answer which agent was authorized to touch which system - and under what scope? Most agent programs in banking and healthcare stall here. Not at the model layer. At the accountability layer. Every agent needs a verified identity on-chain, a defined scope enforced before it executes, and a signed record of what it actually did. That combination is what a risk committee can sign off on. The infrastructure to ship that exists now. cyphrex.io #AgentSecurity #AIAgents #DevSec #agenticai #llmagents #Compliance #Enterprise