we45
@we45
We are your partners in product security. Creators of @appsecengineer and @orchestronio. AppSec Training | Cloud & Kubernetes | Threat Modeling | DevSecOps



"You can't scan your way out of bad security design" is something I hear a lot from some of my biggest customers. They get it. Security needs to be baked in, not sprinkled on as an afterthought.

Even before vibe-coding, this was hard to do. Teams struggled with security design reviews and threat models continuously as part of their backlog. I know firsthand: I helped build out "story-driven threat modeling" as a practice area.

With vibe-coding, that problem has now gone turbo. Agents are writing code at massive scale. Developers really don't know what is being written. The whole system leads to a perfect storm of bad security decisions that compound downstream effects adversely.

"We can run SAST on every commit", some people say. Yes, you can. But you'd then be inundated with security issues in code. And even if it were effective, is it enough? What about issues with your authorization design? The way you've implemented cryptography? The approaches you've taken to do validation? Have you implemented validation at all?

This is why vibe-coding needs vibe-security reviews. This happens when your AI IDE/Agent includes the capability to perform threat models and security reviews for the features you type into your agent as a prompt. It should analyze the security impact using a methodology built for agents (our PWNISMS approach) and write code based on a plan that has security baked in.

This is why I feel SecurityReview-Kit from @secreview_ai is so powerful. It helps you in Agent mode, and it helps you design secure features in Planning mode across IDEs like @cursor_ai. Our latest drop on Ship-Week: I bring you SecurityReview-Kit.

First on the list in our Ship Week is our new PTaaS offering from @we45. We take App Pentesting to the next level with a combination of AI offensive threat modeling + AI-native pentesting, delivering high-quality web and API pentesting as a service. Take a look! Give us a shout if you’d want one. Our customers have started using our O2 platform and results have been very positive!


Claude Code is powerful — but only if it’s secured properly. @abhaybhargav breaks down permissions, sandboxing, MCP tools, and how to threat model @claudeai Code and the Claude Agent SDK. If AI writes and runs code, it needs a security model. youtu.be/0UrYqScyjLE

The Innovation of the Year Award goes to the individual or team who uses unique approaches to succeed through innovation and risk-taking and/or creating an open-source tool of significant value. This year's Community Winners are the team for @secreview_ai! Congratulations! 👏 #SANSDMA
