Cybersecurity company Snyk announced the launch of Snyk API & Web, a new dynamic application security testing (DAST) solution designed to meet the growing demands of modern and increasingly AI-powered software development. The new service integrates technology from Probely, a startup acquired by Snyk, into Snyk’s application security platform. The technology unifies critical AppSec testing techniques into a single developer security platform. The DAST service seeks to assist in dealing with risks that can occur when businesses increasingly leverage generative AI and use APIs to bridge the gap between LLMs and the applications they fuel. Snyk argues that APIs introduce vulnerabilities that can expose AI models to significant risks, jeopardizing the security of entire software supply chains. Snyk API & Web offers a robust solution for developers and AppSec teams to proactively discover, inventory and secure API vulnerabilities before they become threats. The new service offers tools designed to simplify DAST for developers and security teams. The integration also leverages AI-driven capabilities to detect vulnerabilities that are often missed by conventional methods. This makes the solution especially useful in fast-paced development environments where speed and accuracy are paramount. API & Web also includes an AI-powered API Security Testing engine that uses generative AI and traditional machine learning models. The engine helps developers better map the growing API attack surface and automate the process of scanning for vulnerabilities.
Entro Security’s gen AI adds context to exposed secrets and non-human identity risks by creating structured, natural language summaries and auto-classifying each finding based on metadata
Entro Security unveiled a set of GenAI capabilities that bring more context, clarity and control to exposed secrets and NHI-related risks across enterprise environments. The new engine, powered by large language models (LLM), enriches Entro’s security findings with structured, natural language summaries. Each finding is automatically classified based on metadata and context, making it easy for security teams to understand what each NHI does, where exposed secrets live and what’s at risk. This release builds on Entro’s previously launched GenAI ownership attribution model, which automatically assigns a human owner to each exposed secret or NHI using a smart multi-source hierarchy. Together, these capabilities drive faster triage, smarter remediation and clearer accountability across the NHI lifecycle. Entro’s platform now leverages explainability to provide generated summaries for secrets findings, classifying the target service, implementation type, potential purpose and more. Security teams no longer need to chase down vague pattern matches across environments or guess what the unknown secret is doing. The GenAI engine also automatically reduces noise, enables smarter and faster remediation, and is built for scale and compliance.
Automated code review platform Coana allows security teams to determine whether identified vulnerabilities in a codebase are actually exploitable by constructing detailed call graphs through static control-flow analysis
Supply chain security startup Socket has acquired cloud-based automated code review software startup Coana ApS for an undisclosed sum. Coana’s offerings include reachability analysis, a method that determines whether identified vulnerabilities in code dependencies are actually exploitable within a specific application. The approach involves constructing detailed call graphs through static control-flow analysis to identify which parts of the code are reachable and which are not, allowing developers to focus on genuine threats. The startup says its methodology reduces false positives by over 80% compared with traditional software composition analysis tools by filtering out irrelevant alerts, allowing security teams to prioritize and remediate critical vulnerabilities more efficiently. The technology can be easily integrated into existing development workflows and works on-premise without the need for complex configurations, according to the company. Coana will bring powerful static control flow and call graph analysis to Socket’s platform, allowing teams to prioritize vulnerabilities based on whether they’re actually exploitable in a given codebase.
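The reachability idea described above, reduced to its core as an added example (not Coana's or Socket's code): build a call graph from source with static analysis, then search it from the application's entry point to see whether a flagged function can be reached. The sample module and all function names in it are constructed; only direct calls by name are resolved, whereas production tools also model method dispatch, imports and dynamic calls.

```python
import ast
from collections import deque

# Constructed sample: an application and a vendored dependency in one module.
# `parse_unsafe` stands in for a function named in a (hypothetical) advisory.
# The source is only parsed, never executed.
SAMPLE = '''
def parse_unsafe(blob):
    return eval(blob)

def parse_safe(blob):
    return blob.strip()

def load_config(path):
    return parse_safe(open(path).read())

def legacy_import(path):      # defined, but nothing reachable from main calls it
    return parse_unsafe(open(path).read())

def main():
    return load_config("app.cfg")
'''

def build_call_graph(source):
    """Map each top-level function to the names it calls directly."""
    graph = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef):
            graph[node.name] = {
                call.func.id for call in ast.walk(node)
                if isinstance(call, ast.Call) and isinstance(call.func, ast.Name)
            }
    return graph

def call_path(graph, entry, target):
    """Breadth-first search; return the call chain entry -> target, or None."""
    queue, seen = deque([[entry]]), {entry}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for callee in sorted(graph.get(path[-1], ())):
            if callee not in seen:
                seen.add(callee)
                queue.append(path + [callee])
    return None

def triage(source, entry, flagged):
    """For each flagged function, give the call path from entry, or None if unreachable."""
    graph = build_call_graph(source)
    return {name: call_path(graph, entry, name) for name in flagged}
```

A `None` result is the case that lets an alert be deprioritized; a returned path is the evidence a reviewer would attach to the finding.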
Startup Sentient’s new system for deploying AI applications in Trusted Execution Environments uses confidential computing to ensure full data isolation, verifiability and attestation
Peter Thiel-backed AI development startup Sentient is looking to differentiate itself in terms of security with the launch of a new system for deploying AI applications in Trusted Execution Environments. The new Sentient Enclaves Framework v0.70 brings the concept of “confidential computing” to AI development. It’s meant to ensure full data isolation, verifiability and attestation for AI applications, the company said. It uses Amazon Web Services Inc.’s AWS Nitro Enclaves technology to ensure that neither AWS nor the host system is able to access or modify AI workloads. In that way, it says, it provides rock-solid guarantees around AI data security. The Sentient Enclaves use AWS Nitro as a foundation to ensure that applications run as intended, without any possibility of nefarious actors making unauthorized modifications. They’re fully open source too, meaning they’re accessible to anyone who’s interested in using them. With Sentient’s platform, developers can work together on the development of open-source large language models that rely on shared datasets and decentralized computing resources. Its platform is built on blockchain technology, and its ecosystem uses cryptocurrency to reward participants based on their contributions.
MoneyThumb’s AI enables the authentication of third-party PDF documents to analyze structural, metadata, and content-based patterns
MoneyThumb, a leader in automated document evaluation and fraud detection solutions, was awarded a U.S. patent for its Thumbprint product, an AI-driven technology that enables the authentication of third-party PDF documents. MoneyThumb’s patented Thumbprint technology leverages AI and advanced algorithms to analyze structural, metadata, and content-based patterns within PDF files. By identifying subtle discrepancies and inconsistencies, Thumbprint helps detect fraud with its AI file tampering detection scoring model that identifies fraudulent activity in seconds, giving funders a powerful defense against risk and loan losses. Ryan Campbell, chief executive officer of MoneyThumb, said, “By formally protecting our IP, we’re not only strengthening our unique approach but also advancing the fight against digital document fraud across industries like lending, finance, law, and real estate.” MoneyThumb is transforming the lending industry by leading the shift from manual document processes to full automation. Its advanced technology streamlines data extraction and analysis, enabling funders to make faster, more accurate decisions.
Augur’s threat prevention platform uses AI and behavioral modelling to analyze global internet infrastructure to detect the earliest signs of malicious intent, months before attacks go live
Augur, the AI-powered threat prevention company, has raised $7 million in seed funding to expand the development of its industry-first predictive threat prevention platform that uses AI to monitor global internet activity, profile attacker behaviors, and map attack infrastructure. Augur’s platform identifies attack infrastructure setup months in advance of it being weaponized, on average. Augur moves first, identifying malicious infrastructure during setup, months before it’s used, providing actionable foresight. The solution integrates seamlessly into customer environments, autonomously identifying threats and coordinating responses through existing security controls. Using AI and behavioral modeling, the Augur platform analyzes global internet infrastructure to detect the earliest signs of malicious intent, months before attacks go live. With a near-zero false positive rate (0.007%), Augur identifies attack infrastructure, enabling security teams to act early, automate enforcement, and shut down attacks before they start. With Augur, security teams retain full control, whether autonomously blocking threats or surfacing critical intelligence for human review. Augur has repeatedly demonstrated its ability to shield customers from landmark cybersecurity incidents with far-reaching consequences, identifying attack infrastructure long before exploitation begins: APT 29 supply chain attack on SolarWinds; DarkSide ransomware attack on Colonial Pipeline; multiple threat actors exploiting the Log4j vulnerability; Cl0p ransomware group exploiting the MOVEit vulnerability; Volt Typhoon attacks on US critical infrastructure; UNC5537 breach of Snowflake; ALPHV/BlackCat ransomware attacks on Change Healthcare and loanDepot.
Dashlane’s AI security platform intelligently detects and alerts end users when they visit a malicious website to tackle AI-powered phishing and shadow IT and uses zero-knowledge encrypted vault for secure credential management
Credential security and password management company Dashlane unveiled Dashlane Omnix, a new AI-accelerated credential security platform to tackle AI-powered phishing and shadow IT by unifying proactive intelligence, real-time response and protected access to provide businesses with complete credential security across their workforce. The service also includes new capabilities that equip security teams to pinpoint and expedite responses to credential threats. Dashlane Omnix addresses the entire lifecycle of a credential-based threat, from the initial detection of a compromised credential to alerting to drive user remediation and ongoing credential management. The platform employs a pretrained AI model to intelligently detect and alert end users when they visit a malicious website, serving as a last line of defense against phishing. The platform offers enterprise credential management through a zero-knowledge encrypted vault that allows users to securely store, share and manage credentials, even those outside of SSO coverage. Using Omnix, IT teams can enforce security policies and monitor credential health, with the platform also working with existing tools for a more complete view of access risks. Omnix also features in-browser security via the Dashlane Smart Extension, giving real-time insights into credential activity within browsers and across shadow IT. Chief Executive John Bennett said, “The power of Omnix lies in its pairing of unparalleled insights with action to truly impact behavior and give enterprises the means to build long-term resilience and improve overall security.”
Jericho’s cybersecurity training platform employs generative AI to create hyper-realistic, sector-specific phishing simulations that mimic real-world scenarios, and are dynamic and personalized
AI-powered employee cybersecurity training startup Jericho Security specializes in AI-driven cybersecurity training that focuses on empowering employees to recognize and respond to evolving cyber threats. The company argues that as threat actors employ increasingly sophisticated tactics, companies understand that the best defense against outside attacks is their own employees. Jericho’s platform employs generative AI to create hyper-realistic phishing simulations that mimic real-world scenarios, enhancing the training experience. The simulations are designed to be dynamic and personalized, adapting to the specific needs and roles within an organization. The training modules offered by Jericho are tailored to address the unique challenges faced by various industries, including healthcare, technology and government sectors. The modules use customized content to meet the specific requirements of each industry to ensure that employees are prepared to handle sector-specific cyberthreats effectively. Jericho also provides a comprehensive cybersecurity dashboard that allows organizations to manage their security efforts from a single platform. The dashboard allows for the creation and scheduling of phishing simulations, delivery of custom training content and monitoring of employee performance through detailed analytics.
SquareX’s browser extension can block detection-evasive last mile reassembly attacks that disguise browser-borne malware by splitting it into multiple code snippets
SquareX Ltd., a startup with a browser extension that can detect and block obfuscated malware, has raised $20 million in funding. SquareX’s browser extension promises to help enterprises protect employees from malicious websites, phishing campaigns and other online threats. The extension provides features for blocking so-called last-mile reassembly attacks. Those are cyberattacks that disguise browser-borne malware by splitting it into multiple code snippets. Because the individual snippets are harmless on their own, they have a higher chance of evading detection by antivirus tools. The malware reassembles itself after the code fragments are downloaded onto the user’s device. In some cases, last-mile reassembly attacks use LSB steganography to further complicate detection efforts. LSB steganography is a data storage method that can be used to encode malicious code into images, which often aren’t scanned by cybersecurity tools. Once a malware-laden image is downloaded by a user, a script extracts the malicious code and runs it. SquareX says that its browser extension can spot such attacks as well. According to SquareX, its browser extension removes macros from Office documents to delete any malicious code they may contain. When the extension blocks a malicious program, it sends the file to a cloud-based sandbox where administrators can study it. SquareX provides more than 20 malware analysis tools to ease the process. SquareX can be configured to block password sharing across applications, data entry into unauthorized applications and other risky practices. It’s also possible to create a list of approved browser extensions and automatically block plug-ins that are not on the list.