StackHawk

1.4K posts

@StackHawk

StackHawk makes it simple for developers to find, triage, and fix application security bugs. AppSec Closer to the Keyboard than Ever Before. 🦅 Kaakaww!

Denver, CO. Joined July 2019
625 Following, 1.1K Followers

StackHawk (@StackHawk):
One security engineer rolled out DAST to 40+ dev teams in two quarters. The verdict: the problem was never technical. It was a project management problem. Read the full story: lnkd.in/gXFapXtM

StackHawk (@StackHawk):
StackHawk is now a @Wiz_io Integration Partner! StackHawk’s pre-production DAST findings flow directly into the Wiz Security Graph, where they are correlated with the cloud infrastructure context Wiz maintains. Application and cloud risk in one place. stackhawk.com/blog/stackhawk…

StackHawk (@StackHawk):
Every DAST vendor supports OAuth2, Jira, and OWASP Top 10. That's not an evaluation. Download our new DAST RFP template with 75+ criteria, the ones that actually separate tools. 🔗 stackhawk.com/resources/dast…

StackHawk retweeted
Cloud Security Podcast (@CloudSecPod):
Security can't keep being the blocker. Joe Sullivan says the number one trait for the next gen security team is curiosity. @sgerlach's anti-pattern: needs procedures. Stays in the box. @StackHawk

StackHawk (@StackHawk):
It reads your repo. It doesn't send requests to your running app. That's not a gap that better models will eventually close. It's a category difference. Read the full blog here: stackhawk.com/blog/codex-sec…

StackHawk (@StackHawk):
OpenAI launched Codex Security in March. Real results. Previously unknown vulns in OpenSSH and Chromium. Most coverage stopped there.

StackHawk (@StackHawk):
Runtime testing is the check that closes the gap. StackHawk scans the running app in CI, feeds findings back to the agent as prompts, and you rescan to confirm the fix. All inside the same IDE. Full walkthrough: stackhawk.com/blog/github-co…

StackHawk (@StackHawk):
Copilot's coding agent learned from public codebases — including the ones with SQL injection sitting in them, weak auth that nobody caught, secrets committed by accident. It doesn't apply a security lens. It applies the patterns it saw most often.

StackHawk (@StackHawk):
MCP servers connect to production: your DBs, internal APIs, real services. Most ship with zero security testing. StackHawk now scans remote MCP servers. Add a config block, run HawkScan, findings map to specific tools, not raw protocol calls. stackhawk.com/blog/introduci…

StackHawk (@StackHawk):
Cybersecurity stocks dropped for Claude Code Security. Rallied for Project Glasswing. Same category. Very different reactions. The difference isn't capability. It's that code analysis still doesn't send requests to your running app. Full breakdown 👇

StackHawk (@StackHawk):
AI pen testing isn't replacing DAST. It's replacing the $40k manual pentest you run twice a year. Different cadence, different scope, different job. Read the full breakdown of DAST vs. AI pentesting: stackhawk.com/blog/dast-vs-a…

StackHawk (@StackHawk):
StackHawk will be at @owasp SnowFROC '26 on April 16–17. 400 practitioners. Two days of talks and hands-on training. If you're going and want to talk about how AppSec programs actually keep up with AI development velocity, come find us🦅 snowfroc.com

StackHawk (@StackHawk):
That's a wrap on RSAC 2026. It was a packed week of dinners, workshops, and incredible conversations with the AppSec community. Big thanks to our partners, customers, and friends for making it one to remember. Check out Payton O'Neal’s full recap: stackhawk.com/blog/rsac-2026/

StackHawk (@StackHawk):
StackHawk is heading to @owasp BASC 2026 in Cambridge 🦅 April 11 at the Boston Marriott. We'll be there talking about how teams are running DAST and API security testing in CI/CD. Come find us! 🔗basconf.org

StackHawk retweeted
Techstrong TV (@TechstrongTV):
AI-generated code is changing where application security teams need to focus. At RSAC 2026, @ashimmy spoke with @StackHawk co-founders @joniklippert and @sgerlach about how the AppSec bottleneck has shifted from finding vulnerabilities to fixing them fast enough to keep pace with modern development. As code volume grows, the discussion centered on why auto-remediation inside the IDE is becoming increasingly important. They also explored how agentic testing can help engineering teams verify and remediate flaws without slowing the CI/CD pipeline. ▶️ Watch the full discussion: buff.ly/qrTmYUB #AppSec #AI #DevSecOps #SecureCoding #CI_CD

StackHawk (@StackHawk):
@StackHawk's Scott Gerlach and @semgrep's Kyle Northcutt got into a room at #RSAC2026 and talked about code velocity, vibe coders, AI budgets, and why sitting on the bench isn't an option anymore. Watch the full video here: youtu.be/nbsOae30PWg