AppSec News
GitHub Universe and the Future of AI SAST and Auto-Remediation
GitHub’s recent updates signal a fresh landscape for AI SAST and auto-remediation startups. GitHub is rolling out strong products in this category and, with its unmatched distribution channel, competing with them on their own ground is becoming increasingly difficult. James Berthoty, co-founder of Latio, published a detailed analysis of these changes on Latio’s blog and it is worth reading. We also covered this topic from a different angle earlier this year.
NPM Registry Flooded by 150,000 “Token Farming” Packages
Supply Chain Alert: Amazon security researchers uncovered 150,000+ malicious npm packages in a massive “token farming” campaign abusing the tea.xyz rewards system. Unlike typical malware, these packages used automated scripts and circular dependencies to fake downloads and earn crypto. This flood of junk polluted the registry, wasting CI/CD resources and burying legitimate packages, a new kind of supply chain risk driven by financial incentives, not exploits. We reported on this supply chain attack in our previous issues.
Takeaway: Not every supply chain attack ships malicious code. Watch for download anomalies, enforce source integrity, and lean on efforts like OpenSSF’s malicious package database as attackers get more creative.
Half of Organizations Have Critical Vulnerabilities Older than 1 Year
Veracode’s State of Software Security 2025 report warns that organizations are drowning in security debt, unresolved vulnerabilities that keep piling up. Average fix times have ballooned to 252 days (a 47% jump in five years), and half of organizations now carry critical flaws left open for over a year. Most of this long-lived risk (about 70%) comes from third-party and open-source components, not first-party code. While developers are introducing fewer new severe bugs, old vulnerabilities in dependencies linger and compound over time.
The takeaway: AppSec teams need to double down on open-source governance, SCA/SBOM adoption, and measurable goals to shrink aged criticals, turning “security debt” from a hidden liability into an explicit performance metric.
Rethinking “AI-Native” SAST
Parsia Hakimian’s post, “WTF is AI-Native SAST?”, pushes back on the idea that bolting LLMs onto legacy scanners makes a tool truly AI-native. He argues that AI-native static analysis should be architected around structured code understanding, not just prompt-wrapping AST output. Parsia points out where traditional SAST still falls short: logic flaws, misuse of authorization boundaries, and inconsistent reasoning around code intent. AI could help, but not without tradeoffs like high inference costs, hallucinations, and brittle results. Instead, he sketches a hybrid approach: traditional tools build the structured graphs, while AI enriches, triages, and reasons on top. Worth a read if you’re tracking the next evolution of code analysis.

Credit: Parsia Hakimian
Can AI SASTs Actually Find Real Bugs?
In his post “Hacking with AI SASTs”, Joshua Alexander Rogers puts a handful of AI-native static analysis tools to the test and finds promising results. Tools like ZeroPath were able to uncover deep logic bugs, spec violations, and intent mismatches in open-source projects that traditional SAST often misses. Still, he’s clear-eyed about the limitations: inconsistent outputs, missed findings, setup friction, and the need for human guidance. Rogers doesn’t see these tools as magic, but as force multipliers: useful amplifiers that expand a skilled analyst’s reach rather than replace the analyst. Worth reading if you’re thinking about bringing AI SAST into your workflow.

OpenSSF pushes supply‑chain maturity with OSPS Baseline. During the “Supply Chain Reaction” talk at KubeCon + CloudNativeCon North America, OpenSSF introduced the Open Source Project Security (OSPS) Baseline. The framework provides eight control families and three maturity levels for open‑source projects, encouraging maintainers to measure and improve their security posture.
Bay Area OWASP December Meetup – On December 9, the Bay Area OWASP chapter will host a free meetup in Mountain View. Doors open at 5 PM for networking, food and drinks, followed by chapter introductions and a trio of talks exploring AI‑driven AppSec. The sessions cover redesigning data‑security architecture for the AI era, what LLM‑based coding tools teach us about input‑handling flaws and crash risks, and how to rethink breaking changes in security upgrades when machine‑learning models are in play.

Salesforce Data Access via Gainsight OAuth Compromise
What happened: Attackers compromised OAuth tokens for a third‑party app (Gainsight) connected to Salesforce, leveraging the integration to access customer data without exploiting Salesforce’s core platform. Salesforce responded by revoking all Gainsight tokens and pulling the app from its marketplace while investigating.
Why it matters: Trusted SaaS integrations can become backdoors. Even if your core platform is secure, a weak link in an integrated app can expose large datasets. For AppSec teams, this means your threat surface extends beyond code and infrastructure to include OAuth scopes, trusted apps, and the security hygiene of vendors and partners.
AppSec Takeaway:
Immediately audit all OAuth connections and third‑party integrations.
Enforce least‑privilege scopes, ensuring apps access only what they need.
Track token reuse and abnormal access patterns; log and alert when integrations execute high‑volume queries.
Include external app/hub‑platform access in your threat modeling and incident scenario planning.
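One way to implement the third takeaway, as an added example that is not from the newsletter, Salesforce, or Gainsight: it baselines each integration's hourly row volume and each token's source IPs, then alerts on deviations. The record fields, sample values, and thresholds are constructed assumptions, not a real platform's log schema.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (hour, app, token_id, src_ip, rows_returned).
# Illustrative only; map these fields from whatever API/event logs you have.
SAMPLE_LOG = [
    (0, "crm-sync", "tok-a", "198.51.100.10", 400),
    (0, "analytics", "tok-b", "203.0.113.5", 1000),
    (1, "crm-sync", "tok-a", "198.51.100.10", 420),
    (1, "analytics", "tok-b", "203.0.113.5", 1100),
    (2, "crm-sync", "tok-a", "198.51.100.10", 380),
    (2, "analytics", "tok-b", "203.0.113.5", 900),
    (3, "crm-sync", "tok-a", "198.51.100.10", 410),
    (3, "analytics", "tok-b", "203.0.113.5", 1050),
    (4, "crm-sync", "tok-a", "192.0.2.77", 9000),   # same token, new IP, bulk pull
    (4, "analytics", "tok-b", "203.0.113.5", 950),
]

def detect(events, baseline_hours=3, volume_factor=5.0):
    """Alert on integrations whose hourly volume, or tokens whose source IP,
    deviates from what was observed during the first `baseline_hours`."""
    hourly = defaultdict(int)      # (app, hour) -> total rows returned
    known_ips = defaultdict(set)   # token_id -> IPs seen during baseline
    for hour, app, tok, ip, rows in events:
        hourly[(app, hour)] += rows
        if hour < baseline_hours:
            known_ips[tok].add(ip)

    baseline = defaultdict(list)   # app -> hourly totals during baseline
    for (app, hour), rows in hourly.items():
        if hour < baseline_hours:
            baseline[app].append(rows)

    alerts = []
    for (app, hour), rows in sorted(hourly.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if hour < baseline_hours:
            continue
        if app not in baseline:                       # integration never seen before
            alerts.append(("new_app", app, hour))
        elif rows > volume_factor * median(baseline[app]):
            alerts.append(("high_volume", app, hour))

    flagged = set()
    for hour, app, tok, ip, rows in events:
        new_ip = ip not in known_ips.get(tok, set())
        if hour >= baseline_hours and new_ip and (tok, ip) not in flagged:
            flagged.add((tok, ip))                    # token reuse from unseen source
            alerts.append(("token_new_ip", tok, ip))
    return alerts
```
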

Startup Spotlight - Featuring emerging cybersecurity startups and what they're building
Keycard is tackling identity for AI agents
AI agents are introducing a new paradigm where software makes decisions and takes actions on behalf of users. This shift creates serious security risks, especially around identity, access, and trust. Keycard is tackling this head-on with an IAM platform built specifically for AI agents. The company came out of stealth in October with thirty-eight million dollars in seed and Series A funding led by a16z. Congratulations to Ian Livingstone and the team at Keycard. We are looking forward to seeing how they advance security for the agent ecosystem.
Thanks for reading The AppSec Signal, DevArmor’s newsletter for security professionals. Have feedback or ideas for what we should cover next? Feel free to reach out - Hello at devarmor dot com
