This guide shows how to install the open‑source OpenOcta AI Skill on Kali Linux, then use it to automate the four‑stage Chinese graded‑protection (等保) assessment—including information gathering, vulnerability scanning, exploit verification, and full compliance report generation—without manual configuration.
DrozerForge is a Python tool that parses an app's AndroidManifest.xml, automatically discovers security‑relevant components such as risky global settings, exported activities, deep‑link URLs, services/receivers, and content providers, and then prints ready‑to‑run Drozer commands for each finding.
At RSAC 2026, ProjectDiscovery launched Neo, an AI‑powered, end‑to‑end autonomous penetration testing platform that integrates 30+ security agents, delivers verifiable exploits, and outperformed traditional scanners by finding 66 vulnerabilities—including 24 unseen by any other tool—in three AI‑generated full‑stack applications.
A joint study by Wiz and Irregular pits leading LLM agents against a senior pentester across ten real‑world vulnerability scenarios, revealing that AI can breach nine targets at under $10 per attack yet still lags in tool usage, creative reasoning, and prioritisation, offering crucial insights for security professionals.
PentAGI is an open‑source, AI‑driven penetration testing platform released by VXControl in early 2025 that automatically orchestrates over twenty security tools—including Nmap, Metasploit, sqlmap—and generates comprehensive reports within isolated Docker environments, offering advanced agent architecture, real‑time intelligence gathering, and scalable deployment options.
Anthropic’s limited‑preview Claude Code Security, an AI agent that reads and patches code, triggered a sharp sell‑off in major cybersecurity stocks, while its ability to uncover hundreds of hidden bugs raises questions about the future role of traditional security firms and junior analysts.
BugTrace‑AI is an open‑source suite that combines generative AI with SAST, DAST, and specialized reconnaissance and payload tools to automate vulnerability hypothesis generation, streamline scanning, and provide actionable reports, all delivered through a lightweight React interface and Docker deployment.
This article explores the evolution of security alert automation from manual verification to SOAR and AI-driven solutions, detailing MCP-based AI agents, integration with various security tools, practical case studies of honey‑pot, HIDS, and EDR alert tracing, and the resulting efficiency gains and future outlook.
Since 2016, Alipay's security team has built the Alipay‑SDL 1.0 framework and now integrates AI and large‑model technologies to automate risk identification, enhance security tools, and streamline operations across the entire software development lifecycle, addressing rising business complexity and engineer workload.
An in‑depth exploration of a Multi‑Agent AI system that automates SDLC white‑box vulnerability management, detailing industry‑standard processes, the system’s architecture, specialized agents, prompt engineering, tool integration, and real‑world results that boost audit efficiency and accuracy while enabling true security left‑shift.
This article walks through two real-world security flaws—a high‑risk SQL injection and a medium‑risk stored XSS—showing how the CodeBuddy AI assistant can automatically detect, analyze, and remediate them with prepared statements and CSP enhancements, while explaining the underlying concepts and best practices.
At the 21st GOPS Global Operations Conference in Shanghai, Shenwan Hongyuan Securities' application security lead Wang Biansi detailed a step‑by‑step 100‑day journey to create a DevSecOps sample room, covering goal setting, research, platform design, tool integration, and security training.
This article explains how ICBC's software development center integrated DevSecOps practices—embedding security awareness, automating toolchains, and using metric‑driven assessments—to reduce vulnerabilities, lower compliance risk, and support a cloud‑native, secure smart‑banking ecosystem.
The 2022 Cloud Native Security State Report reveals that while enterprises increased cloud usage by over 25% during the pandemic, many face security and compliance challenges, and highlights how strong security posture, DevSecOps integration, and automation dramatically reduce friction and boost operational efficiency.
This article details the evolution, architecture, and key technologies of Ant Group's anti‑intrusion platform, explaining how it handles trillion‑level data streams for intrusion detection, performs multi‑dimensional risk assessment and attribution, and enables rapid, automated security incident response across massive enterprise environments.
This article examines injection vulnerabilities in Java template engines Velocity, FreeMarker, and Thymeleaf, details payload extraction, demonstrates how to generate automated detection rules and security operation capabilities, and discusses future directions for comprehensive attack‑chain analysis.
In a detailed interview, XMirror Security founder Zi‑Ya discusses the origins of his team, the core elements of DevSecOps, the innovative code‑vaccine technology combining IAST and RASP, maturity stages of development security in China, and future trends in software‑supply‑chain security.
iQIYI’s SOAR platform, built on StackStorm and the Walkoff visual editor, integrates security components, scripts, chat‑ops bots, and a mini‑program to automate detection and response, cutting MTTR by roughly 75% across high‑frequency routine tasks and low‑frequency critical incidents while planning broader coverage and knowledge‑base expansion.
OPPO’s security team outlines its DevSecOps transformation, detailing how security and privacy activities are embedded across product lifecycles—from requirement reviews and automated CI/CD scans to comprehensive protection layers, cultural initiatives, external collaborations, and continuous improvement to meet global compliance challenges.
The article recaps the fourth Enterprise DevOps Empowerment conference, highlighting DevSecOps as the core theme, expert presentations from China Academy of Information and Communications Technology, Huatai Securities, and Tencent, and a detailed Q&A covering threat modeling, security automation, scanning practices, and operational integration.
This article explains how to embed static application security testing (SAST) into a DevSecOps CI/CD pipeline by defining five essential checkpoints—pre‑commit, commit‑time, build‑time, test‑time, and deployment—covering purpose, benefits, handling false positives, result merging, custom rule sets, and automation strategies.
The article outlines how the 2018 automation wave is reshaping IT by accelerating network, infrastructure, cloud, and security processes, highlighting tools like Terraform, Ansible, SDN solutions, and DevSecOps practices, and urging organizations to adopt DevOps‑style automation to stay competitive.
