AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377

AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377

Author: Security Weekly Productions April 7, 2026 Duration: 1:08:42
Security Weekly Podcast Network (Video)
TechnologyNews

Security problems aren't changing very much even though security teams are. We catch up on the implications of the Claude Code source leak, the very human lessons from the axios NPM compromise, and what secure design looks like when it involves agents, humans, or both.

AppSec has always celebrated interesting and impactful vulns. And LLMs are now a favored tool for finding flaws. We shouldn't forget the success and effectiveness of fuzzers like OSS-Fuzz, which has improved security for over 1,000 projects and found over 50,000 bugs. But we can't ignore the ease of prompting an agent to go find -- and exploit -- a vuln when the UX and overhead of doing so is hardly more than writing some markdown.

The SDLC Blind Spot: Why Breaches Start with Identity, Not Code

Developers have access to source code, CI/CD pipelines, and cloud infrastructure — and attackers know it. Target lost 860GB of source code through a single compromised credential. Recruitment fraud campaigns have pivoted from a compromised developer to cloud admin in under 10 minutes. As agents join human developers, contractors, and service accounts in the SDLC, the attack surface is expanding faster than static security tools can track. Security teams need real-time visibility beyond code and into who has access and what they're actually doing.

This segment is sponsored by Apiiro. To lean more, visit https://securityweekly.com/apiirorsac.

How AI-Driven Development is Reshaping the Application Risk Landscape

Agent coding assistants are accelerating software development, generating more code and more change than security teams were built to handle. In this interview, Idan Plotnik discusses how AI-driven development is reshaping the application risk landscape and why traditional vulnerability management models can't keep up.

Make sure to schedule a free SDLC Risk Assessment with BlueFlag Security - 30 minutes to deploy. 48 hours to results. Please visit https://securityweekly.com/blueflagrsac.

Show Notes: https://securityweekly.com/asw-377


Dive into the ever-evolving world of digital defense with the Security Weekly Podcast Network (Video). Produced by Security Weekly Productions, this network isn't a single perspective but a comprehensive hub where different facets of cybersecurity come into focus through distinct, dedicated shows. You'll find episodes from series like Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News, all curated in one feed. This structure means that whether you're analyzing code, shaping corporate policy, or managing infrastructure, there's relevant content for you. The discussions move beyond headlines, offering practical analysis and expert insights that help make sense of complex threats and solutions. By blending technology deep dives with timely news commentary, this video podcast provides a multi-dimensional view of the field, suitable for professionals who need to stay informed and enthusiasts curious about how security shapes our digital lives. It’s a consistent resource for anyone looking to understand not just what is happening in cybersecurity, but why it matters and how to respond.
Author: Language: English Episodes: 100

Official website RSS
instagramyoutubediscordlinkedinspotifygithub
Security Weekly Podcast Network (Video)
Podcast Episodes
AI Makes All Bug Shallow? - PSW #921 [not-audio_url] [/not-audio_url]

Duration: 2:05:00
This week: Rage dropping 0-Day Claude Mythos, things are different now From UART to root, on a device made in China, where's the FCC? More CUPS vulnerabilities Russians are hacking routers, FCC ban doesn't stop them Mong…
What Is A Router? (And all things AI) - PSW #920 [not-audio_url] [/not-audio_url]

Duration: 2:05:34
In the Security News: Claude leaks source code and new models Two really smart people say AI is finding vulnerabilities better than ever Windows is using your internet to send updates to strangers BIG-IP APM vulnerabilit…

«123456...10»