Qix NPM Supply Chain Attack: What Teams Need to Know
Responder Resources
Latest
Unpacking the 2025 AI Security Acquisitions
0:00 /0:15 1× Over the last few months, we’ve seen an onslaught of AI Security acquisitions - all at strong margins for investors. One might look at these and think they’re all the same, but each actually tells a slightly different story. We just published an
2025 Latio AI Security Report
Bringing clarity to the marketing madhouse
What's a Runtime CNAPP?
An honest product review on Sweet Security highlighting the the pros and cons of their platform
Episode 4: What's the Deal with Hardened Containers
Explaining what containers are and aren't, and how to use them
Episode 3: Digging into eBPF for Security
Date: May 12, 2025 Guest: Daniel Pacak (Software Engineer, Miggo) Hosts: James Berthoty, Charrah Hardamon Topic: Building Real Runtime Security with eBPF In this episode, we go deep on eBPF and what it actually takes to build reliable, performant runtime detection, beyond the buzzwords. James and Charrah are joined by
Top RSAC 2025 Takeaways
The key takeaways after attending RSAC 2025 for practitioners and buyers
Part 3: Understanding the Different Types of Runtime Reachability
Pt. 3 of our runtime reachability series uncovers the different types of runtime reachability
Runtime Cloud Security in 2025
Unpacking Runtime Cloud Security in 2025, explaining CADR with use cases, and more
Episode 2: tj-actions and the Supply Chain Scaries
Featuring: * Rami McCarthy @ Wiz * Shay Berkovich @ Wiz * Charrah Hardamon @ Miggo * James Berthoty @ Latio In this conversation, we discuss the TJ Actions incident, a significant supply chain vulnerability affecting GitHub Actions. They explore the implications of a single maintainer's code being widely used, the community's response to
What is Code to Cloud, and Does it Matter?
This post covers what code to cloud is, if it's important, and why it should matter
Episode 1
Cloud Runtime Security
Market Reports
Wiz Acquisition: Winners, Losers, and the Multi-Cloud...Future?
In this blog, we give a nuanced perspective on Google’s 32 billion dollar Wiz acquisition - one that clearly communicates who wins and loses
Market Reports
Supply Chain Security is FUBAR - A Proposal for GitHub
Three things GitHub could do to vastly improve security capabilities
Market Reports
Understanding and Re-Creating the tj-actions/changed-files Supply Chain Attack
Another reason runtime security is so important, and patching ain't what it seems
Market Reports
The Great CNAPP Re-bundle
In this article, we discuss Check Point and Palo’s transitions are an acknowledgement that the fight for the “posture” side of CNAPP is are over
Report
2025 AI AutoFixing Tools Guide
Evaluating the AI AppSec Engineering Hype
Blog
Announcing OpenGrep
And the importance of a commoditized SAST
Blog
Wiz Defend-ing Their Flank
An early preview of Wiz Defend, and the next 5 years of runtime focused CNAPP
Blog
Part 2: Static vs Runtime Reachability
Part 2 of our reachability 3 part series explores the pros and cons of two emerging types of reachability
Technical Guides
How to do Vulnerability Prioritization
A helpful guide to help teams understand what goes into choosing what to fix and when
Technical Guides
Why and How to Implement Seccomp Policies
Explaining the use cases and how to implement an under-discussed Kubernetes feature
Product Reviews
What do I think about Wiz Code?
Answering my most received question from the last 2 weeks
CUPS Vulnerability Response Resources
Resources and analysis on the latest zero days: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177