Cycode

It was great attending Clutch Events' San Francisco Secure Software & AppSec Summit yesterday. The conversation wasn't about features, but the reality of securing an agentic software factory where code moves at machine speed. A recurring theme throughout the sessions was how the shift to agentic development makes context a requirement, not a luxury. Without a relational understanding of risk, security teams are just drowning in noise. Nice to connect with Joe Donnelly, William Derksen, Amir Kazemi, and Monica Nio, CMP and so many others from the community. Learn how Cycode secures the entire software factory: https://lnkd.in/gyibvt3n #Cycode #ProductSecurity #DevSecOps #AISecurity

The traditional role of the security team is fundamentally changing to meet the speed of modern development. Julie Chickillo, Vice President and Head of Cybersecurity at Guild, advocates for transforming security into a frictionless business enabler. "Security used to be the 'big book of No'. Today, our job is to figure out how to enable teams to move the company forward as productively as possible." By moving away from manual triage toward high-level orchestration, security becomes a partner in driving business outcomes rather than a blocker. Read all 14 of the 2026 Product Security All-Star interviews here: https://lnkd.in/gV3x3wXZ #Cycode #ProductSecurity #AppSec #DevSecOps #AISecurity

The latest edition of the Cycode newsletter is live. → Shift Left is dead: our manifesto for the agentic era. → Govern every line of AI-authored code: new integrations for Cursor and Anthropic. → The 2027 Horizon: an all-star panel on AI governance and the ADLC. Subscribe to get these insights delivered monthly. Follow Cycode for more practitioner-facing insights. #Cycode #AppSec #DevSecOps #ProductSecurity #AISecurity 

This week, we declared: Shift Left is dead. We published our Shift to AI manifesto: our case for what agentic-era security has to look like. Now we're showing the platform that makes it operational reality. Join us on June 4th for our Agentic Development Life Cycle (ADLC) Security Demo Day; hands-on demos and practitioner discussion on what ADLC Security is and: → AI Visibility - how to discover every model, MCP server, coding assistant, package, secret, and rule file across your ADLC. → AI Governance - setting policies and guardrails before agents write the first line. → AI Guardrails - blocking secrets in prompts at the IDE boundary; scan AI-generated code with Cycode MCP and have the agent fix and re-scan before commit. → AI Risk Detection - a dedicated ADLC risk dashboard to drive remediation across AI assets. See what active, embedded security looks like in the ADLC. Register: https://shorturl.at/1MwIH #ShiftToAI #ADLC #AppSec #AgenticAI

The best way to combat AI is with AI. In this clip, Sarrah Bang (Global Head of Security at Alter Domus) explains why we are moving into the "semantic" era of security. To stay safe, we must analyze the intent and reasoning behind every AI action before high privilege tools are summoned. Sarrah proposes a powerful path forward: building secondary AI models that act as a monitor for primary agents, ensuring every goal aligns with safety before a high risk activity is executed. Watch the full session and catch up on all the insights from the Product Security Summit in our recap blog. Read the full recap here: https://lnkd.in/eZ2Y-BwV #AppSec #ProductSecurity #AI #CyberSecurity #AIGovernance #Innovation #InfoSec

We are officially 7 days away from our upcoming panel, featuring our 2026 Product Security All-Stars from Schneider Electric, Life360 and Ciena. They join Cycode for an exclusive panel on the transition to the Agentic SDLC. Join the panel to learn from these leaders on: → Governance and risk: shifting focus from vulnerability counts to scalable governance frameworks → Silent threats in 2027: surfacing the dormant malicious logic and supply chain risks traditional scanners miss → The self-protecting SDLC: how to move to automated remediation with AI as a trusted teammate Reserve your seat: https://shorturl.at/4Ndc7 #ProductSecurity #AgenticSDLC #AIGovernance #Cycode

Shift Left is dead. For decades, security tried to keep up by reacting earlier. Earlier in the pipeline. Earlier in the developer's workflow. It was a worthy effort in the past. It is woefully inadequate in the present. AI agents write code, discover vulnerabilities, and develop exploits faster than any human-led process can secure. Reacting sooner is reacting too late. Security must operate in parallel, as agentic as development, bringing control, context, and autonomy to secure code creation. This is the Shift to AI. Not a stance. A MOVEMENT. Read the manifesto here: https://shorturl.at/GYL6G

Today we’re excited to announce deeper integrations with Anthropic and Cursor 🚀 Developers are shipping code with Claude, Cursor, and a growing stack of AI agents faster than any human-centric security model was built to handle. The question for security leaders isn’t whether AI is in your codebase. It’s how much, by whom, with which models, and to what effect. We’ve completely closed that gap. Cycode’s new integrations with Cursor and Anthropic give security and engineering leaders a single source of truth for how AI is actually being used to build software. → Cursor: full visibility into developer activity, adoption patterns, model selection, agent vs. chat workflows, and how often AI suggestions are accepted into the codebase. → Anthropic: developer-level activity, model usage across sessions, and how agents interact with your environment through tool use. No more guesswork. Just AI governance built for the way software is actually being written today. Read the full announcement. Link in the comments. 👇

Successful application security in the era of AI requires more than just scaling tool volume. Cássio Batista Pereira, Senior Application Security Engineer at StoneX, notes that even the most advanced autonomous systems cannot compensate for a broken operating model. His philosophy: "To build a successful application security program, you need four pillars: culture, process, tools, and automation. Without all four, the program collapses — no matter how many AI agents you have." When these pillars are aligned, organizations can move beyond blind scanning to achieve true resilience. Read all 14 of the 2026 Product Security All-Star interviews here: https://lnkd.in/gnySFvb3 #Cycode #ProductSecurity #AppSec #DevSecOps #AISecurity

Most application security programs are currently designed for a world that has already disappeared. The 2026 Product Security All-Stars report revealed a sharp truth: "Fixing more things" is no longer a winning strategy. In a world of infinite vulnerabilities, volume is a distraction. The best practitioners are moving toward an Agentic Development Lifecycle. They aren't just adding artificial intelligence tools; they are shifting their entire role from hands-on execution to system orchestration. They focus on the "exploitable reality"; using code, identity, and runtime context to prioritize only the risks that matter. Read the 9 key takeaways from this year's All-Stars: https://lnkd.in/dXKwd6uD #Cycode #ProductSecurity #AppSec #AISecurity #DevSecOps