IEEE

Large Language Models Versus Static Code Analysis Tools: A Systematic Benchmark for Vulnerability Detection

Abstract: Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
csis.org

AI-Driven Code Analysis: What Claude Code Security Can—and Can’t—Do

Q1: How does Claude Code Security function—and how does it differ from traditional static application security testing (SAST)? A1: Conventional rule-based static analysis uses pattern matching, ...
Forbes

From 'Shift Left' To 'Shift Smart': Why AI Agents Will Replace Static Analysis

Over the years, "shift left," a development practice that shifts testing, QA and security initiatives "left" on the timeline, has become the cornerstone of DevSecOps. I've watched it become the ...
GitHub

Metis: AI-Powered Security Code Review

Metis is an open-source, agentic AI security framework for deep security code review, created by Arm's Product Security Team. It helps engineers detect subtle vulnerabilities, improve secure coding ...
The New York Times

This A.I. Tool Is Going Viral. Five Ways People Are Using It.

Claude Code generates computer code when people type prompts, so those with no coding experience can create their own programs and apps. By Natallie Rocha Reporting from San Francisco Claude Code, an ...
VentureBeat

Claude Code just got updated with one of the most-requested user features

Anthropic's open source standard, the Model Context Protocol (MCP), released in late 2024, allows users to connect AI models and the agents atop them to external tools in a structured, reliable format ...
VentureBeat

Meet Aardvark, OpenAI’s security agent for code analysis and patching

An aardvark works in an office typing at a desktop PC while happy human workers mill about in the background. Credit: VentureBeat made with ChatGPT Positioned as a scalable defense tool for modern ...
sei.cmu

Automated Code Repair for C/C++ Static Analysis

Details the application of design, development, and performance testing to an automated program repair tool we built that repairs C/C++ code. Static analysis (SA) tools produce many diagnostic alerts ...
InfoWorld

Microsoft C++ static analysis tool bolsters warning suppressions

The Microsoft C++ Code Analysis tool has been updated to provide better tracking, justification, and overall management of warning suppressions. These improvements lead to a more maintainable and ...