Latest news with #AppSec
Channel Post MEA
6 days ago
- Business
- Channel Post MEA
Akamai Expands API Security To Address Visibility Gaps From Code To Production
Akamai Technologies has announced new Akamai API Security enhancements designed to help customers stay ahead of evolving threats to APIs. The improvements come as Akamai's API security offering earns recognition through both prestigious industry awards and customer adoption. APIs power everything from mobile apps to online banking, but their growing use has made them a top target for cyberattacks. As threats multiply, companies are racing to secure their APIs without sacrificing speed or innovation. Akamai's latest API Security enhancements address visibility gaps across the API development and production lifecycle. These enhancements include: Managed Service for API Security: The first managed service built specifically for API security, it combines real-time monitoring, expert response, and clear guidance to help organizations catch threats early and cut risk. The first managed service built specifically for API security, it combines real-time monitoring, expert response, and clear guidance to help organizations catch threats early and cut risk. Integration with code repositories: This integration lets teams scan API specifications and code to spot risks before launch — even for APIs that haven't gone live yet. This integration lets teams scan API specifications and code to spot risks before launch — even for APIs that haven't gone live yet. Compliance Dashboard: This dashboard gives teams a centralized view to check how their APIs stack up against key security and privacy standards — like the Payment Card Industry Data Security Standard (PCI DSS v4.0), the General Data Protection Regulation (GDPR), and the MITRE ATT&CK framework — making audits easier and reducing compliance risk. Akamai customers increasingly highlight the benefits of API Security: 'Akamai API Security gives us a clear view of what data is being used and how, enabling us to minimize our attack surface while still delivering the best service possible to our customers.' — CTO of an insurance company '[API Security] is the lighthouse for my AppSec team: Now we know what to focus on. It's a major data security tool for us. The deployment was very easy and they were true partners in the process. Now we can assess our risk in the most scientifically true way possible and control our destiny.' — CISO of a software company 'The tool is robust and responsive, and has given us peace of mind that we have visibility of everything happening at the API level.' — Executive in a healthcare and life sciences organization Akamai's security solutions win awards Three of the technology sector's top industry accolades were recently awarded to Akamai's security solutions. 'Companies are realizing that APIs are a prime target for attackers and securing them is essential to staying resilient, especially in the AI era,' said Rupesh Chokshi, Senior Vice President and General Manager of Akamai's Application Security Portfolio. 'It's great to see the traction we're getting in both adoption and recognition. It tells us we're solving real problems for our customers.'
Yahoo
24-06-2025
- Business
- Yahoo
DefectDojo Enables AI-First Cybersecurity with MCP Support
Cybersecurity teams retain flexibility of using their AI model of choice and can remain confident that their data is secure AUSTIN, Texas, June 24, 2025--(BUSINESS WIRE)--DefectDojo, the leader in scalable security, unified vulnerability management and DevSecOps, today announced the launch of Model Context Protocol (MCP) support in DefectDojo Pro, providing cybersecurity teams the ability to safely take an AI-first approach to organizational security. Dojo Pro users can now connect the platform to any third-party or custom model that supports MCP to create a more effective cybersecurity AI with one simple setup. According to Takepoint Research, 80% of cybersecurity professionals thought that the benefits of AI usage in industrial cybersecurity outweighed its risks, but system integration was labeled a major challenge by 68% of respondents in the same survey. The open-source MCP, developed by Anthropic and backed by industry-leading companies like OpenAI, solves several major issues with incorporating AI into cybersecurity as the first protocol that treats context-sharing between software and AI like an API call. Thanks to over a decade of development of its various features and robust API, Dojo Pro is well-positioned to accommodate AI integration. With a now seamless flow of information between Dojo Pro and an AI model via an MCP connection, any model can now become as capable as Dojo Pro in intelligently deduplicating and auto-triaging findings, distinguishing between different vulnerabilities and providing insights into security posture scoring while retaining natural language processing capabilities for conversational interactions. DefectDojo's MCP support takes a number of additional precautions to strengthen the security infrastructure surrounding the protocol's implementation. Each MCP deployment is done on a per customer basis, ensuring the separation of data. The feature will also be rolled out in phases, starting with Dojo Pro super users. Based on feedback from these users, DefectDojo will continue to roll out MCP support to other Dojo Pro user-roles. "Make no mistake: MCP is a game changer for fully functional AI-enabled cybersecurity. At DefectDojo, however, we prioritize delivering features that are meaningful, accurate, accessible, and, most importantly, safe. We only developed and released our MCP after careful analysis to ensure we could do so in a safe way for our customers," said Greg Anderson, CEO and founder of DefectDojo. "We're building a future of cybersecurity that preserves the flexibility our platform is known for and incorporates opt-in AI-forward features at scales cybersecurity hasn't seen yet. MCP is just our first step." DefectDojo's MCP support represents another groundbreaking feature for the Dojo Pro platform. This spring, Dojo Pro became the first platform of its kind to unify AppSec and Security Operations Center (SOC) on one platform with the launch of next-gen SOC capabilities in addition to its AppSec capabilities. DefectDojo's roadmap, including SOC capabilities and the next AI-focused features in development, is informed by direct customer feedback and use cases. Built by and for cybersecurity professionals, Dojo Pro is designed to efficiently scale for the needs of organizations of any size and neatly organize vulnerability data into one easy-to-use platform with a risk-based approach. DefectDojo's customer base includes Fortune 10 companies, international banks and other financial institutions, government agencies, and solo consultants alike. The open-source OWASP Edition of the platform has been downloaded over 43 million times and is one of the fastest-growing open-source cybersecurity platforms on GitHub as measured by the Open Source Security Index. To learn more about DefectDojo and get started with either the OWASP Edition or Dojo Pro, contact hello@ About DefectDojo DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from any security tool, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture, automate operations to increase productivity and improve decision-making. For more information, visit or follow us on LinkedIn or GitHub. View source version on Contacts Media defectdojo@
Business Wire
24-06-2025
- Business
- Business Wire
DefectDojo Enables AI-First Cybersecurity with MCP Support
AUSTIN, Texas--(BUSINESS WIRE)-- DefectDojo, the leader in scalable security, unified vulnerability management and DevSecOps, today announced the launch of Model Context Protocol (MCP) support in DefectDojo Pro, providing cybersecurity teams the ability to safely take an AI-first approach to organizational security. Dojo Pro users can now connect the platform to any third-party or custom model that supports MCP to create a more effective cybersecurity AI with one simple setup. Make no mistake: MCP is a game changer for fully functional AI-enabled cybersecurity. According to Takepoint Research, 80% of cybersecurity professionals thought that the benefits of AI usage in industrial cybersecurity outweighed its risks, but system integration was labeled a major challenge by 68% of respondents in the same survey. The open-source MCP, developed by Anthropic and backed by industry-leading companies like OpenAI, solves several major issues with incorporating AI into cybersecurity as the first protocol that treats context-sharing between software and AI like an API call. Thanks to over a decade of development of its various features and robust API, Dojo Pro is well-positioned to accommodate AI integration. With a now seamless flow of information between Dojo Pro and an AI model via an MCP connection, any model can now become as capable as Dojo Pro in intelligently deduplicating and auto-triaging findings, distinguishing between different vulnerabilities and providing insights into security posture scoring while retaining natural language processing capabilities for conversational interactions. DefectDojo's MCP support takes a number of additional precautions to strengthen the security infrastructure surrounding the protocol's implementation. Each MCP deployment is done on a per customer basis, ensuring the separation of data. The feature will also be rolled out in phases, starting with Dojo Pro super users. Based on feedback from these users, DefectDojo will continue to roll out MCP support to other Dojo Pro user-roles. 'Make no mistake: MCP is a game changer for fully functional AI-enabled cybersecurity. At DefectDojo, however, we prioritize delivering features that are meaningful, accurate, accessible, and, most importantly, safe. We only developed and released our MCP after careful analysis to ensure we could do so in a safe way for our customers,' said Greg Anderson, CEO and founder of DefectDojo. 'We're building a future of cybersecurity that preserves the flexibility our platform is known for and incorporates opt-in AI-forward features at scales cybersecurity hasn't seen yet. MCP is just our first step.' DefectDojo's MCP support represents another groundbreaking feature for the Dojo Pro platform. This spring, Dojo Pro became the first platform of its kind to unify AppSec and Security Operations Center (SOC) on one platform with the launch of next-gen SOC capabilities in addition to its AppSec capabilities. DefectDojo's roadmap, including SOC capabilities and the next AI-focused features in development, is informed by direct customer feedback and use cases. Built by and for cybersecurity professionals, Dojo Pro is designed to efficiently scale for the needs of organizations of any size and neatly organize vulnerability data into one easy-to-use platform with a risk-based approach. DefectDojo's customer base includes Fortune 10 companies, international banks and other financial institutions, government agencies, and solo consultants alike. The open-source OWASP Edition of the platform has been downloaded over 43 million times and is one of the fastest-growing open-source cybersecurity platforms on GitHub as measured by the Open Source Security Index. To learn more about DefectDojo and get started with either the OWASP Edition or Dojo Pro, contact hello@ About DefectDojo DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from any security tool, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture, automate operations to increase productivity and improve decision-making. For more information, visit or follow us on LinkedIn or GitHub.
Techday NZ
23-06-2025
- Business
- Techday NZ
Agentic AI transforms business operations with enhanced oversight
The integration of agentic artificial intelligence (AI) into business operations is gaining significant momentum across industries, with new research, commentary, and product announcements underscoring both the promise and complexities of these advanced technologies. Matt Johnson, Managing Director for AI & Data at Temus, outlined the evolving landscape of AI agents, noting an industry-wide shift from rudimentary AI interactions towards more advanced, contextually aware systems. "We're witnessing a significant shift in how AI agents are being deployed across industries. The most successful implementations go far beyond basic prompting," Johnson observed. He highlighted the application of sophisticated techniques such as automated reprompting, parameter-efficient fine-tuning, and reinforcement learning, which allow agents to learn from their environments and incorporate expert knowledge. Johnson emphasised that data remains the critical foundation for agentic AI. He noted, "Companies are now realising they need deliberate strategies to acquire and structure this expert knowledge – it's become a competitive differentiator." In sectors such as healthcare and financial services, he asserted, the inclusion of human-in-the-loop workflows is not optional but essential, with the best AI systems augmenting human expertise rather than replacing it. The software development sector, according to Johnson, has provided one of the most compelling success stories, with AI tools such as Claude Code assisting developers by providing contextual suggestions and even autonomously generating code, all while preserving human oversight. This reflects a broader trend, with organisations increasingly viewing AI agents not as autonomous replacements for professionals, but as tools to enhance productivity and decision-making. In the domain of cybersecurity, a new study from Cycode, presented at the RSA Conference 2025, illuminated how agentic AI is reshaping application security practices. The survey found that while 60% of cybersecurity professionals remain in early stages of adoption, those organisations that have embraced agentic AI report notable productivity gains and reduced risks in development and security workflows. Amir Kazemi, Director of Product Marketing at Cycode, observed, "Many interpretations and modalities of 'agent' exist, from simple chatbots to complex workflow automations to true autonomous agents. Our data underscores that educating the market on what agentic AI truly is, why it matters for AppSec, and its tangible value is paramount right now." The Cycode research illustrated growing interest, with almost 50% of surveyed professionals planning to adopt agentic AI in the coming year. Yet, concerns remain about granting AI systems autonomy, with businesses taking a measured approach to integrating these tools. The study identified key opportunities: 44% of professionals believe agentic AI will improve vulnerability management, while 52% see significant value in using AI-driven security checks at the code commit stage. The perceived widening gap between application security and development resources, with some teams managing ratios as high as one security specialist per 1,000 developers, exemplifies the mounting pressure on teams that agentic AI could help alleviate. Financial services are also experiencing AI-driven transformation, as demonstrated by the launch of GTreasury's GSmart AI platform, designed specifically for treasury and finance operations. The platform aims to deliver efficiencies and transparent insights for CFOs and treasury professionals facing complex market and regulatory conditions. GTreasury CEO Renaat Ver Eecke stressed the necessity for AI in finance to prioritise security, compliance, and rapid problem-solving. "GSmart AI... empowers CFOs and treasury teams to confidently take advantage of powerful insights and value without sacrificing compliance or oversight," Ver Eecke stated. The platform provides automated analysis, risk identification, and strategic recommendations, all while ensuring auditability and governance. Mark Johnson, Chief Product Officer at GTreasury, added that GSmart AI is distinguished by its transparency and data sovereignty features, supporting rigorous standards and regulatory requirements. These developments signal that agentic AI, when combined with robust data strategies and clear boundaries for human oversight, is rapidly becoming integral to modern workflows. Whether in software development, cybersecurity, or treasury operations, organisations are increasingly seeking to leverage the unique capabilities of these AI agents to enhance human judgement, streamline complex tasks, and maintain compliance in a rapidly evolving technological landscape.
Techday NZ
13-06-2025
- Business
- Techday NZ
Azul boosts Java security with improved runtime vulnerability detection
Azul has introduced enhanced vulnerability detection capabilities to its Intelligence Cloud that aim to reduce false positives and improve the accuracy of identifying Java application security risks. The company's updated solution, called Azul Vulnerability Detection, now uses class-level production runtime data to detect known vulnerabilities within Java applications. This approach contrasts with conventional application security (AppSec) and application performance monitoring (APM) tools, which often flag vulnerabilities based on component file names or software bill of materials (SBOM) data. Such traditional practices can generate a large volume of false positives, which the company asserts unnecessarily divert DevOps teams' time and effort. Based on findings from the Azul 2025 State of Java Survey & Report, a significant proportion of organisations are affected by this problem, with 33% indicating that more than half of their DevOps teams' time is spent addressing false positives related to Java Common Vulnerabilities and Exposures (CVEs) alerts. The broad-brush flagging approach, which does not distinguish between components actually used in production and those simply present, can result in alerts for unused or non-critical vulnerabilities. Azul's approach leverages data from Java application production environments to establish whether vulnerable classes in a component are executed, rather than simply existing as part of a packaged file. The company claims this refinement enables the solution to eliminate up to 99% of false positives, translating to a potential 100 to 1,000 times reduction compared to earlier detection methods. The technical approach The solution operates by applying a curated knowledge base that maps CVEs to individual Java classes used at runtime. By examining actual code paths executed in live environments, the system can determine whether a flagged vulnerability is relevant and warrants example cited is CVE-2024-1597, which affects specific versions of the PostgreSQL Java Database Connectivity (JDBC) driver. This high-severity vulnerability, which scores 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), can only be exploited when the driver is used in a particular non-default configuration. Conventional tools issue alerts if the driver is present in the application package, regardless of how it is used, contributing to unnecessary remediation efforts. Azul's detection mechanism discerns whether any of the 11 susceptible classes out of 470 in the component are used, thereby reducing irrelevant alerts. Key benefits According to Azul, the Intelliigence Cloud's Vulnerability Detection capability provides several benefits to enterprises managing extensive Java estates. These include continuous, real-time detection of vulnerabilities in production environments, which helps teams rapidly triage and prioritise critical issues in high-stakes scenarios like the Log4j vulnerability event. The platform retains both real-time and historical data on component and code use, using AI methods to focus forensic investigations on vulnerabilities actively exploited prior to their discovery. Azul's vulnerability team updates the system's knowledge base with newly identified CVEs, using AI to monitor sources such as the National Vulnerabilities Database (NVD) and other repositories. The runtime data collection works across Oracle JDK as well as any OpenJDK-based Java Virtual Machine (JVM), providing flexibility for organisations using a range of Java distributions, including those from Amazon, Temurin, Microsoft, and Red Hat. Azul states that this data-gathering incurs no impact on production system performance, as it leverages information already generated by the JVM during application execution. "The improved Vulnerability Detection features strengthen the proposition of Azul's Intelligence Cloud analytics SaaS offering as a way to increase DevOps productivity and recover developer capacity by reducing the need for full-time employee time spent wasted on security false positives and inefficient triage," said William Fellows, research director at 451 Research, part of S&P Global Market Intelligence. Company statement "Our mission is to help enterprises focus their security efforts on what matters - real risk, not noise," said Scott Sellers, co-founder and CEO of Azul. "By eliminating up to 99% of false positives and pinpointing vulnerabilities in Java applications with 100x – 1000x greater accuracy than traditional tools, Azul Intelligence Cloud enables capacity recovery across DevOps and security teams. As a result, teams can dramatically reduce noise, prioritise real risk and accelerate remediation - all with zero impact to performance and without slowing innovation." Azul's enhancements to its Intelligence Cloud are positioned to address long-standing productivity challenges faced by DevOps teams handling Java application security, particularly the time lost to managing irrelevant or inaccurate alerts.
