A dataset-free approach to leveraging LLMs for malicious code detection

Dive into Apiiro's breakthrough LLM-based free-text code search engine that identifies malicious code patterns without depending on large datasets.

Navigate uncharted risk across your software supply chain with Apiiro’s Risk Graph Explorer

Explore these five hard-to-find application and supply chain risks with ease using Apiiro’s Risk Graph Explorer.

Uncovering shadow GenAI frameworks in your codebase with Apiiro

Apiiro’s ASPM platform now automatically detects GenAI frameworks, so organizations have full visibility into privacy, data, and legal risk introduced by these frameworks.

LLM Code Authorship Detection: Unmasking Malicious Package Contributions

Apiiro’s security research team has developed a revolutionary approach for accurately connecting code segments—such as open-source packages or commits—by similarity.

CVE-2023-4863: Leverage Apiiro to determine risk from new WebP 0-day

A critical security flaw, CVE-2023-4863, has been identified in libwebp. Identify and prioritize instances of the new WebP 0-day that are most risky to your business with Apiiro—without runtime agents.

Self-enhancing pattern detection with LLMs: Our answer to uncovering malicious packages at scale

Our approach to identifying malicious open-source packages combines LLMs with proprietary pattern detection and self-enhancement to improve accuracy at scale.

The eXtended Software Bill of Materials (XBOM): A Game Changer for Application and Supply Chain Security

Introducing XBOM, our up-leveled approach to SBOM that provides unified visibility across all application and supply chain components, their connections, risks, and more.

Software supply chain attacks caused PyPI to temporarily suspend new users and projects

In response to overwhelming malicious activity, PyPI temporarily suspended the creation of all new users and projects.

Apiiro’s AI engine detected a software supply chain attack in PyPI

The Apiiro AI engine discovered a malicious Python package that was, at the time of writing, still listed on the PyPI package index.

Stop wasting your time on irrelevant changes while developing software

Find out how you can identify and fix material changes with Apiiro so your developers can focus on bringing more value to customers!

Dropbox developer account breached: 130 private repositories, secrets leak

The latest incident involves Dropbox and relates to exposed secrets from 130 private repositories belonging to the company.

OpenSSL 3.0.7: Newest vulnerability patch aftermath

The latest release of OpenSSL, 3.0.7, contains the patch for the vulnerabilities that were pre-announced just a week earlier, on October 25th.

New OpenSSL critical CVE: What you need to know

A few days ago OpenSSL, the widely used cryptography/TLS project, released a very rare advance announcement notifying the public of an upcoming release that would fix a critical 0-day vulnerability. That release (OpenSSL version 3.0.7) is being published today and is intended as a security fix for a critical vulnerability in […]

Inside Toyota’s secret leak from a supply chain vulnerability

A recent leak of almost 300,000 of Toyota's customer emails and control numbers showcases the risks of exposed secrets in code.

How to mitigate API risks during development

To effectively monitor the security of your APIs, you need to know which steps to take during development and what to look for in API code.

Detect application architecture drift early in the SDLC

Find out how to detect cloud-native application architecture drift and deal with it early in the SDLC.

Apiiro extends right! From code to runtime

Cloud has transformed the way development teams design, develop, build and deploy applications. Developers are moving fast and the number of changes and releases is increasing exponentially, as are the risks. In the era of cloud-native application development, the remediation lifecycle is getting longer and more complex because risks are distributed across design, code, open […]

What you need to know: 0-day vulnerability in Spring core framework (Spring4Shell)

What is the Spring Core remote code execution (RCE) vulnerability (“Spring4Shell”)? Here is what you should know.

Shift-left API security: Protect your APIs before releasing to the cloud

Learn how to shift left security and proactively fix API code risks early in the software development lifecycle.

Malicious Kubernetes Helm charts can be used to steal sensitive information from Argo CD deployments

Apiiro's Security Research team has discovered a major vulnerability in the Argo CD platform (CVE-2022-24348).

Security during design isn’t just lip service: AppSec starts at the user story

AppSec starts at the user story. Since the speed of development has grown rapidly over the past few years, “security during design” is critical.

Developer intentionally corrupts npm libraries, exposing weaknesses in OSS supply chain security

A rogue developer intentionally corrupted npm libraries, showing the need for developer activity analysis in supply chain security.

Legacy SAST has grown stale: It’s time for a new approach

Static application security testing has been vital to AppSec programs for decades, but SAST lacks the context to keep up with DevOps.

Secure your SDLC to avoid being the source of a supply chain attack

Software supply chain attacks have changed AppSec. SolarWinds, Codecov, and more show a need for defense from design to code to cloud.

Part 1: What we learned about AppSec programs from the Twitch code leak

On Wednesday, Oct. 6, 2021, an anonymous 4chan user claimed to have posted 125 GB of data from 6,000 internal Git repositories. Twitch confirmed the massive data leak, including source code and creator earnings, and stated that the breach was due to a “server configuration change”. While there will be many negative repercussions of this […]

From phishing to developers: What are the new attack vectors?

Developers are being given more responsibility and access, and as a result attackers are targeting developer identities to gain access to systems.

The secrets about exposed secrets in code

Understanding and remediating the risk of secrets in code cannot be done in isolation. Learn how to do both.

Detection and prevention of malicious commits to the PHP repository

This blog demonstrates some of Apiiro’s anomaly detection capabilities that are used by our clients to protect and secure their repositories.

Code risk is multi-dimensional: How to build an AppRisk program

A multi-dimensional approach to code risk analysis can optimize processes by focusing SDLC tools on the “changes that matter most.”

Detect and prevent the SolarWinds build-time code injection attack

Apiiro has developed a patent-pending technology to detect and prevent SolarWinds-style attacks before shipping binaries to production.

Top 5 tips to prevent the SolarWinds Solorigate supply chain attack

Consider how to identify risky material code changes and prevent them from being deployed in the first place.