I’m at #unprompted con and if there was a drinking game for this event, I’d suggest: “context”, “reasoning”, “skills” as bingo squares

PR FEEDBACK IS LIVE IN DRYRUN SECURITY 🔥🔥🔥 When a security finding shows up in a pull request, it shouldn’t turn into a side quest. PR Feedback closes that loop. Now when DryRun Security flags something, developers can reply directly in the thread to mark a false positive or nitpick. DryRun updates the findings instantly, regenerates the PR summary, and logs the action for a clean audit trail. No tickets to file. No separate workflow to manage. No chasing someone down to clear it. Read how it works → dryrun.security/blog/securit…

Opener of #unpromptedcon happening now. Hanging with @LiorKolnik and @abraham_jabez Who else is around? I’ve seen @treyford and @rmogull #unprompted

AppSec leaders: quick gut check. Can you answer these questions about your program with confidence? In this short video, @cktricky, DryRun Security CTO & Co-founder, shares the pointed questions he keeps hearing teams struggle with as development and risk accelerates: ❓Can you train developers based on the actual risks they introduce instead of one-size-fits-all training? ❓Do you know what’s being shipped without being told beyond the release/review process? ❓Are your developers ready to build secure AI applications? ❓Do you know which teams are using AI coding assistants, and do you have the right guardrails? ❓Can you respond to zero-days in minutes, with clear visibility into exposure and next steps? If any of these made you pause, you’re not alone. A lot of teams are still forced into the “old way” of doing AppSec while engineering velocity keeps climbing. We built DryRun Security to help practitioners close these gaps with a modern approach to code risk and visibility. If you want confidence in answering these questions, schedule a demo with us at dryrun.security/get-a-demo

📢 We’re thrilled to welcome Andrew Peterson to our Board of Directors, effective immediately! Andrew is a rare blend of security builder, technologist, and investor with a track record of helping create category-defining companies. He: ➡️ Co-founded Signal Sciences, helping pioneer modern web app & API security (acquired by Fastly in 2020) ➡️ Founded Aviso Ventures, an early-stage fund focused on enterprise & infrastructure software ➡️ Has backed standout AI security teams including Protect AI (acquired by Palo Alto Networks in 2024) and SGNL.ai (acquired by CrowdStrike earlier this year) As Andrew put it: “As AI agents take on more responsibility in writing and reviewing code, security must evolve into something more intelligent, contextual, and adaptive.” That’s exactly the mission at DryRun Security: AI-native code security intelligence built for the agentic era—reducing noise, surfacing real risk, and bringing policy-driven visibility to agentic code changes. Since emerging from stealth, DryRun Security customers are now running 250,000 code reviews per month through DryRun Security, proof that the way software is built is changing fast, and security has to keep up. Welcome, Andrew! We’re excited to build what’s next! 💥 🔗 Read more at globenewswire.com/news-relea…

AI did not create entirely new AppSec problems. It changed where they show up. Prompts. Generated code. Tool calls. Model integrations. The risks are familiar. The workflows are not. Join our live fireside chat, Code Velocity in an AI-era: How AppSec Teams Can Stay Ahead, with Adam Dyche with @poweredbyCMRC, @wickett , @cktricky, and Zac Fowler with DryRun Security. They'll unpack how real teams are securing LLM-powered applications without rebuilding their entire AppSec stack. 🗓️ Feb 4 | 1PM ET Register 👉 na2.hubs.ly/H037Qhw0

LLMs are everywhere in your stack and every layer brings new #risk buff.ly/QxQvEVg @HelpNetSecurity @Wickett @DryRunSec #cybersecurity #business #digital #innovation #digitaltransformation #leadership #management #CIO #CTO #CISO #CEO #CDO #AIrisks #tech #LLM #genAI

Join us for CYBERLUNCH. PIZZA CYBER in North Austin / Round Rock tomorrow! meetup.com/cyberlunch/events…

LLM apps are moving fast, and the risks are moving faster. That’s why we’ve developed a guide for securing AI Applications. In “Building Secure AI Applications,” we break down how the OWASP LLM Top 10 shows up in real systems and map each risk to controls teams can actually implement today. If you’re building or securing LLM features, we include a full vendor-neutral reference architecture. Download the Guide → dryrun.security/resources/ow…

Mark Burgess once pointed out that determinism in large systems is mostly an illusion. He was right. We pretend our tools can capture risk with fixed rules, but modern software isn’t static enough for that. In our most recent post, @wickett discusses how AI is pushing us into an era where code evolves faster than rule sets ever could. Probabilistic security isn’t a trend; it’s becoming the only model that fits reality. Read the whole post at dryrun-staging.webflow.io/bl…

I’m turning around if I’d booked a meeting there

Post Halloween vibes

Huge thanks to the @LASCONATX volunteer team (incredible hosts) and to everyone who stopped by our booth for great #appsecurity conversations. If you missed it live, catch @wickett's talk "Out of Control: Promise Theory and the Future of Code Security Agents" slides here: promise-theory-34zpp7h.gamma…

You have my support!

Thrilled to team up with @secdim to connect DryRun Security contextual risk insights with hands-on secure coding labs. This helps engineering teams turn findings into learning and fixes faster. Thanks, Pedram, for this innovative use case for the DryRun MCP!

I’m ready for copilot for MS-Paint

Good morning #devopsdays #denver!

Get superhuman visibility into your security posture, architecture, and more! Announcing DryRun Security Code Insights MCP. Now you can ask your code what changed and why: 👉 “Hey DryRun, are there any new admin endpoints this week?” 👉 “Which PRs touched auth or payments?” Don’t let important security changes slip past review, or waste hours gathering data for your next audit. With Code Insights MCP, you can speak or type a request and get results in seconds, complete with charts and auto-remediation. Read more on our blog from Ken Johnson: na2.hubs.ly/H011CJs0 #AppSec #DevSecOps #CodeSecurity #AI #MCP

TEXAS IS BACK!!