Application Security

AI Code Security: Why False Negatives Beat Hallucinations

AI Code Security: Why False Negatives Beat Hallucinations

Sonatype CTO Brian Fox argues that AI coding tools have become more dangerous as they’ve gotten smarter—trading visible hallucinations for silent false negatives that leave vulnerable dependencies undetected. The fix requires grounding AI models in real-time dependency intelligence, not just scanning code after it’s written. ECI Research data confirms AI code governance is the top enterprise security investment priority heading into 2026.

AI Code Security: Why False Negatives Beat Hallucinations Read More »

Minimus Opens Free Secure Container Image Catalog | ECI Research

Minimus Opens Free Secure Container Image Catalog | ECI Research

Minimus is opening its entire catalog of near-zero CVE container images for free, with no registration required. ECI Research examines why the move targets the growing asymmetry between AI-accelerated vulnerability discovery and slow remediation, and what it means for enterprise DevSecOps strategy. Signed SBOMs and an agent-ready CLI make this more than a freemium play.

Minimus Opens Free Secure Container Image Catalog | ECI Research Read More »

Cequence Platform 9.0: AI-Native API Security for the Agentic Era

Cequence Platform 9.0: AI-Native API Security for the Agentic Era

Cequence Security has launched Platform 9.0, an AI-native API security release featuring an open MCP server, a built-in AI Assistant, and 250-plus pre-built compliance rules mapped to 25 global frameworks. The release positions Cequence as a composable security capability for agentic enterprise workflows, arriving as AI code governance tops enterprise security investment priorities. ECI Research data shows the compliance and agentic integration gaps this release directly targets.

Cequence Platform 9.0: AI-Native API Security for the Agentic Era Read More »

Baz Planner Targets AI Code Governance at the Source

Baz Planner Targets AI Code Governance at the Source

Baz announced Baz Planner, a pre-code gateway that intercepts AI-generated code at the planning stage to eliminate vulnerabilities before they are written. The company also closed a $9M seed extension, bringing total funding to $17M. ECI Research identifies AI code governance as the top enterprise security investment priority heading into 2026.

Baz Planner Targets AI Code Governance at the Source Read More »

Broadcom Bets Big on Spring Ecosystem Security | ECI Research

Broadcom Bets Big on Spring Ecosystem Security | ECI Research

Broadcom has released the largest Spring security update in the framework’s history, introducing commercial-first CVE-only patches and a SLSA Level 3-validated Java supply chain. AI-accelerated threat discovery has broken traditional patching cycles, and Broadcom’s response sets a new benchmark for open source stewardship under commercial cover. ECI Research examines what this means for enterprise risk posture, developer workflows, and the competitive landscape.

Broadcom Bets Big on Spring Ecosystem Security | ECI Research Read More »

Open Source Summit 2026 wrap-up

Open Source Summit 2026 Wrap-Up: Governance, Sustainability, and the New Reality of Open Innovation

A detailed Open Source Summit 2026 wrap-up covering AI governance, maintainer sustainability, runtime security, open infrastructure, and the future of open innovation.

Open Source Summit 2026 Wrap-Up: Governance, Sustainability, and the New Reality of Open Innovation Read More »

Outpost24 Brings AI to DAST Authentication Configuration

Outpost24 Brings AI to DAST Authentication Configuration

Outpost24 has launched AI-powered authentication for its Scale DAST platform, replacing script-based configuration with natural-language instructions executed by an AI agent. The move targets one of the most persistent operational barriers to authenticated scanning at scale. ECI Research analyst coverage examines the business case, competitive implications, and what security and DevSecOps teams should evaluate.

Outpost24 Brings AI to DAST Authentication Configuration Read More »

Crogl Launches Free Agentic AI SOC Platform | ECI Research

Crogl Launches Free Agentic AI SOC Platform | ECI Research

Crogl has launched a free, enterprise-grade agentic AI platform for security operations, deployable in minutes with no licensing restrictions. ECI Research examines the product-led growth strategy, the autonomy confidence gap facing agentic security tools, and what ITDMs and security engineers should evaluate before committing to the enterprise tier.

Crogl Launches Free Agentic AI SOC Platform | ECI Research Read More »

Traefik Argues the Ingress NGINX Retirement Is Really a Warning About Architectural Drift

Traefik Argues the Ingress NGINX Retirement Is Really a Warning About Architectural Drift

At KubeCon EU 2026, Traefik made the case that the retirement of Ingress NGINX is not just a tooling change. It is a signal that enterprises need to rethink ingress, traffic architecture, and observability across Kubernetes, VMs, and AI workloads.

Traefik Argues the Ingress NGINX Retirement Is Really a Warning About Architectural Drift Read More »

Open Source Security Becomes a Platform Requirement at KubeCon EU 2026

Open Source Security Becomes a Platform Requirement at KubeCon EU 2026

At KubeCon EU 2026, Minimus positioned open source security as more than a community issue. Between SBOM pressure, software supply chain risk, and the Cyber Resilience Act, enterprises are being pushed to treat dependency visibility and hardened container images as part of baseline security posture.

Open Source Security Becomes a Platform Requirement at KubeCon EU 2026 Read More »