News and Tech Update

Secure Code Warrior (SCW) this week added an artificial intelligence (AI) agent that both identifies code generated by an AI coding tool and automatically applies the appropriate governance policies. Company CEO Pieter Danhieux said the SCW Trust Agent makes it possible for DevSecOps teams to use AI to verify which AI models influenced specific commits, correlate that influence to vulnerability exposure, and take corrective action before insecure code is added to a production environment. DevSecOps teams can also use the AI agent to discover any Model Context Protocol (MCP) servers that might have been deployed without permission. Finally, SCW benchmark data can also be used to evaluate models and enforce approved AI usage policies based on measurable output, noted Danhieux. For example, a developer may be using one AI model to reduce costs without realizing they are also generating more vulnerabilities that would not otherwise be created if they relied on a different AI model. A...

Austin, TX, USA, March 19th, 2026, CyberNewswire New Report Highlights Surge in Exposed API Keys, Session Tokens, and Machine Identities, and more. SpyCloud , the leader in identity threat protection, today released its annual 2026 Identity Exposure Report , one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the criminal underground and highlighting a sharp expansion in non-human identity (NHI) exposure. Last year, SpyCloud saw a 23% increase in its recaptured identity datalake, which now totals 65.7B distinct identity records. The report shows attackers are increasingly targeting machine identities and authenticated session artifacts in addition to traditional username and password combinations and personally identifiable information (PII). “We’re witnessing a structural shift in how identity is exploited,” said Trevor Hilligoss, Chief Intelligence Officer at SpyCloud . “Attackers are no longer just targeting credentials. The...

Stripe built Minions. Ramp built Inspect. Coinbase built Cloudbot. Three engineering organizations, working independently, arrived at similar architectural decisions for their internal AI coding agents. LangChain noticed the convergence and open-sourced the pattern. Open SWE, released March 17, is an open-source framework built on LangChain’s Deep Agents and LangGraph that provides the core architectural components for internal coding agents. The MIT-licensed project isn’t trying to be another AI coding assistant . It’s a customizable foundation for organizations that want to build their own — the way Stripe, Ramp and Coinbase already have. The Convergence What caught LangChain’s attention was that these independently developed systems share the same architectural decisions. Isolated cloud sandboxes where tasks run with full permissions inside strict boundaries. Curated toolsets — Stripe reportedly maintains around 500 carefully selected tools. Subagent orchestration where complex...

Arcjet today added an ability to detect and block risky prompts before they are shared with a large language model (LLM) embedded within an application. The Arcjet AI prompt injection protection capability is based on an LLM that the company has been specifically training to detect patterns indicative of risky prompts that can then be blocked using a runtime policy engine built using WebAssembly (Wasm). That approach makes it simpler to embed the Arcjet policy engine into application code and apply it to endpoints built with JavaScript, Python or frameworks such as the Vercel AI software development kit (SDK) or LangChain. Arcjet CEO David Mytton said that the overall goal is to prevent malicious prompts from being used to, for example, discover the underlying components of an application environment or delete data. Alternatively, a prompt might also expose sensitive data to an AI model in a way that shouldn’t be allowed. Initially, Arcjet is focused on prompt-extraction and shel...

A coalition of major tech companies has committed $12.5 million to strengthen the security of open source software, an effort aimed at coordinating responses to the growing pressures created by AI. The funding is provided by Anthropic, AWS, GitHub, Google, Microsoft and OpenAI. It will be administered by the Linux Foundation through its Alpha-Omega Project and the Open Source Security Foundation (OpenSSF). The funding arrives at a moment when AI tools are reshaping both software development and cybersecurity. Automated systems can now identify vulnerabilities at a scale that was previously unattainable. While that offers huge benefits, it also creates new headaches for the developers who maintain widely used open source projects. Maintainers are increasingly inundated with security reports, many of them generated by AI systems. The volume of these findings has outpaced the ability of small teams (and in many cases, individual contributors) to assess and respond effectively. In re...

Whether the DevOps shops like it or not, they are feeling the pressure from AI. They’re expected to move more quickly, alongside their dev counterparts. The gruntwork that used to take weeks can be automated away, leaving time for fast prototyping, so the managers think. According to Google Cloud’s 2025 DORA State of AI-assisted Software Development Report , 90% of developers now use AI tools, and 25% are now working alongside  AI assistants.  Users of the Spacelift Infrastructure-as-Code platform now have some help with this automation, thanks to a new feature offering a conversational interface that purports to explain what is going on with their IT operations, and even make changes on the user’s behalf if necessary.  “Platform teams are expected to respond at the speed of experimentation while still maintaining security, compliance, and operational consistency,” wrote Technical Senior Product Manager Tim Davis, in a blog item posted today .  It is an app...