DEV Community

#appsec

Application security topics beyond the web, including mobile and desktop applications.

Posts

đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.
Your AI Agent's Memory Is Now an Attack Surface, and Nobody Designed for That

Your AI Agent's Memory Is Now an Attack Surface, and Nobody Designed for That

1
Comments
3 min read
Your AI Coding Assistant Isn't Reading Your Code, It's Mailing It Home

Your AI Coding Assistant Isn't Reading Your Code, It's Mailing It Home

1
Comments 1
3 min read
GitLost Is a Preview of Every Agentic Workflow Breach You'll See This Year

GitLost Is a Preview of Every Agentic Workflow Breach You'll See This Year

1
Comments
3 min read
AI-Run Ransomware: The Autopilot Was Impressive, the Pilot Still Booked the Flight

AI-Run Ransomware: The Autopilot Was Impressive, the Pilot Still Booked the Flight

1
Comments
3 min read
Hardening my own Nmap web UI: the security holes I shipped, and what actually saved me

Hardening my own Nmap web UI: the security holes I shipped, and what actually saved me

2
Comments
4 min read
Your Phishing Simulation Score Is 99%. Here's Why That Worries Me.

Your Phishing Simulation Score Is 99%. Here's Why That Worries Me.

Comments
4 min read
"183 Local Tools, Zero Guardrails: What Local MCP Gets Wrong About 'Privacy'"

"183 Local Tools, Zero Guardrails: What Local MCP Gets Wrong About 'Privacy'"

Comments
3 min read
HalluSquatting: How Attackers Turn AI Coding Agents Into a Botnet Without Touching a Single Victim

HalluSquatting: How Attackers Turn AI Coding Agents Into a Botnet Without Touching a Single Victim

1
Comments 1
5 min read
Agentic AI Security: Risks, OWASP Agentic Top 10, and Defensive Patterns (2026)

Agentic AI Security: Risks, OWASP Agentic Top 10, and Defensive Patterns (2026)

Comments
13 min read
Your Coding Agent Is a New Attack Surface and Most Devs Aren't Ready for It

Your Coding Agent Is a New Attack Surface and Most Devs Aren't Ready for It

1
Comments
3 min read
Phantom Squatting: When AI Hallucinated Domains Become Attacker Infrastructure

Phantom Squatting: When AI Hallucinated Domains Become Attacker Infrastructure

1
Comments
5 min read
282 AI Apps Are Handing Strangers Your API Bill — And Calling It a Product

282 AI Apps Are Handing Strangers Your API Bill — And Calling It a Product

1
Comments
3 min read
Your AI Agent Is Being Fed Lies, and Your Logs Won't Tell You

Your AI Agent Is Being Fed Lies, and Your Logs Won't Tell You

2
Comments
3 min read
GuardFall: When Decades-Old Shell Injection Tricks Beat Modern AI Safety Guardrails

GuardFall: When Decades-Old Shell Injection Tricks Beat Modern AI Safety Guardrails

1
Comments
5 min read
BioShocking: How AI Browsers Were Tricked Into Handing Over Your Passwords

BioShocking: How AI Browsers Were Tricked Into Handing Over Your Passwords

2
Comments
5 min read
đź‘‹ Sign in for the ability to sort posts by relevant, latest, or top.