Posts
How Conflicting Security Directives Can Leave You Without Any Oxygen
If HAL-9000 Didn’t Read Lips, Dave Bowman Wouldn’t Have Had to Spacewalk Without a Helmet
Or: Why Your Application’s “I’m sorry Dave, I’m afraid I can’t do that” moment happens because you forgot to protect the pod bay doors
Listen, we need to talk about HAL. Not because he’s a murderous AI with trust issues—though…
Securing AI-Generated Code with Digital.ai Release
Introduction: AI Code Security and Its Emerging Risks Large Language Models (LLMs) and AI-assisted coding tools offer immense potential in accelerating development cycles, reducing costs, and improving productivity. However, this acceleration comes at a cost: AI-generated code introduces significant security risks, many of which remain poorly understood, inadequately mitigated, and largely unregulated. The vulnerabilities inherent…
Why Your Security Stack is Like Baking Cookies at 10,000 Feet (And How to Stop Them From Falling Flat)
Last weekend, I spent three hours trying to bake the perfect batch of chocolate chip cookies at my home in Flagstaff. Three batches. Three disasters. Spreading like pancakes, rising too fast and collapsing, burning on the edges while staying raw in the middle. My sea-level recipe had completely failed me. Sound familiar, security engineers? As…
The Return to Bare Metal: Why We’re Done Pretending
For the better part of two decades, we’ve been sold a story about developer productivity. The pitch went something like this: interpreted languages and high-level frameworks abstract away the complexity of systems programming, letting developers move faster and focus on business logic rather than memory management. Python, JavaScript, and their various runtime environments became the…
How Common Is Code Obfuscation in Popular Android Apps?
Whether the goal is to steal intellectual property, gain access to sensitive user information, or access just about anything on a back end server, many targeted attacks begin with reverse engineering parts of client-side applications to gain understanding of their structure and to identify weak spots. Even if the eventual attack happens on the backend,…
Deliver with Evidence: Safer Orchestration, Smarter Rollouts, and Scalable Processes (Release 25.3)
According to recent surveys, 31% of DevOps leaders said a lack of skilled resources is their biggest challenge, while legacy systems and infrastructure are a problem for 29% of DevOps leaders. This is because organizations are required to manage excessive amounts of tools and fragmented processes, making performance and governance standards hard to measure and…
The Fourth Wave is Already Here: What 18 Years of Agile Data Tells Us About What’s Next
For nearly two decades, Digital.ai’s State of Agile Report has served as the industry’s pulse check on how organizations adopt, adapt, and evolve their software delivery practices. Our 18th edition reveals something remarkable: we’re not just witnessing incremental change. We’re watching the early stages of what our CEO Derek Holt calls the Fourth Wave of…
Closing the App Security Gap: Moving Beyond Basic Security Practices
When we talk with security professionals about application protection, we get a variety of feedback ranging from “We have architected our systems with separation of concerns, we use secure coding practices, and we do SAST/DAST testing, so we’re good.” to “In spite of all the other protections we had in place, when we realized that…
The Hidden Cost of Early AI Adoption: Why Rushing in Leads to Regret
AI is widely considered the future of software development; however, according to an MIT study, nearly 95 percent of enterprise AI initiatives fail to deliver measurable business outcomes. This is because most organizations have processes, data quality, and governance procedures that are ill-equipped to address the unique challenges presented by AI. At Digital.ai, our mission is…
Magecart is Still Here: Malicious JavaScript Keeps Advancing
In recent months, there have been numerous reports about new website attack campaigns that use injected malicious JavaScript. The Hacker News reported on a large-scale formjacking campaign where stealthy JavaScript was injected to mine cryptocurrency on end-user machines, affecting more than 3,500 websites. GBHackers highlighted a new Magecart-style campaign targeting online checkout forms. In that…