DryRun Security (@dryrunsec)'s Twitter Profile
DryRun Security

@dryrunsec

Security for developers

ID: 1569793389012328457

https://dryrun.security · 13-09-2022 21:01:40

23 Tweet

109 Followers

8 Following

Anshuman Bhartiya (@anshuman_bh)

📣📣📣 The Boring AppSec Podcast Ep. 22 is out with Ken Johnson (Co-Founder and CTO, DryRun Security)! I really enjoyed this conversation with Sandesh Anand and Ken as all of us have been building in the AI space for some time now and have stumbled upon similar blockers and

DryRun Security (@dryrunsec)

CodeRabbit RCE wasn’t prompt injection—it was tool execution + isolation drift + secrets exposure. We’ve stumbled too (IDOR in closed beta), which is why our sandboxed approach avoids this class of risk. 🔗Read more: na2.hubs.ly/y0S7hz0

DryRun Security (@dryrunsec)

Get superhuman visibility into your security posture, architecture, and more! Announcing DryRun Security Code Insights MCP. Now you can ask your code what changed and why: 👉 “Hey DryRun, are there any new admin endpoints this week?” 👉 “Which PRs touched auth or payments?”

DryRun Security (@dryrunsec)

From alert to assurance in minutes. CTO and Co-founder Ken Johnson walks through how DryRun Security Code Insights MCP helps teams investigate NPM supply chain threats without manual toil, saving hours of effort. Teams use Code Insights MCP to move faster during incidents and

DryRun Security (@dryrunsec)

Thrilled to team up with SecDim to connect DryRun Security contextual risk insights with hands-on secure coding labs. This helps engineering teams turn findings into learning and fixes faster. Thanks, Pedram, for this innovative use case for the DryRun MCP!

DryRun Security (@dryrunsec)

Stop writing policies like it’s 2015. We use natural language and an agentic approach to understand code context in every PR so your AppSec is fast, accurate, scalable. Read more about each step of our journey at dryrun.security/blog/how-we-tu…

DryRun Security (@dryrunsec)

Huge thanks to the LASCON volunteer team (incredible hosts) and to everyone who stopped by our booth for great #appsecurity conversations. If you missed it live, catch James Wickett's talk "Out of Control: Promise Theory and the Future of Code Security Agents" slides here:

DryRun Security (@dryrunsec)

It worked…sometimes. The “it” being our early “Behavioral Questions” prototype (YAML + a slice of code context) that was the first answer to the question: What if you could ask a security question IN PLAIN ENGLISH “Does this change modify authentication logic?” AND get an

DryRun Security (@dryrunsec)

Would you trust a pitcher calling their own pitches (especially if you’re on the opposing team)? Definitely not. You’d want an unbiased call. Frontier LLM assistants are phenomenal at writing code but they shouldn’t be your security authority. In this post, we break down why
