StackHawk

The 2026 AppSec reality: 87% adopted AI coding assistants, but 50% spend 40%+ of their time just triaging alerts. 73% can't confidently answer board questions about risk posture. Learn more: stackhawk.com/blog/2026-stat… Download the guide: stackhawk.com/resources/guid…

AI pen testing isn't replacing DAST. It's replacing the $40k manual pentest you run twice a year. Different cadence, different scope, different job. Read the full breakdown of DAST vs. AI pentesting: stackhawk.com/blog/dast-vs-a…

StackHawk will be at @owasp SnowFROC '26 on April 16–17. 400 practitioners. Two days of talks and hands-on training. If you're going and want to talk about how AppSec programs actually keep up with AI development velocity, come find us🦅 snowfroc.com

That's a wrap on RSAC 2026. It was a packed week of dinners, workshops, and incredible conversations with the AppSec community. Big thanks to our partners, customers, and friends for making it one to remember. Check out Payton O'Neal’s full recap: stackhawk.com/blog/rsac-2026/

StackHawk is heading to @owasp BASC 2026 in Cambridge 🦅 April 11 at the Boston Marriott. We'll be there talking about how teams are running DAST and API security testing in CI/CD. Come find us! 🔗basconf.org

AI-generated code is changing where application security teams need to focus. At RSAC 2026, @ashimmy spoke with @StackHawk co-founders @joniklippert and @sgerlach about how the AppSec bottleneck has shifted from finding vulnerabilities to fixing them fast enough to keep pace with modern development. As code volume grows, the discussion centered on why auto-remediation inside the IDE is becoming increasingly important. They also explored how agentic testing can help engineering teams verify and remediate flaws without slowing the CI/CD pipeline. ▶️ Watch the full discussion: buff.ly/qrTmYUB #AppSec #AI #DevSecOps #SecureCoding #CI_CD

On the night before SnowFROC 🏔️ We're joining @semgrep, @SheHacksPurple, and OWASP for a panel on AI agents in AppSec. Register here: semgrep.dev/events/agentic…

@StackHawk's Scott Gerlach and @semgrep's Kyle Northcutt got into a room at #RSAC2026 and talked about code velocity, vibe coders, AI budgets, and why sitting on the bench isn't an option anymore. Watch the full video here: youtu.be/nbsOae30PWg

StackHawk CSO & Co-founder Scott Gerlach is joining @semgrep at RSAC for an interactive demo. When: March 25, 10 AM PT in SF Can't make it? Catch us at Semgrep's booth #1743 on March 24 at 11 AM PT for an in-person demo on the floor. Register here: semgrep.dev/events/sast-da…

The Women in Security Documentary is an award-winning film on the real stories behind women shaping the security industry. The San Francisco premiere is a red carpet event at AMC Metreon 16 on March 24 and 25 at 4 PM PT. Register here: docs.google.com/forms/d/e/1FAI…

JSON-RPC powers blockchain, IoT, MCP, and most DAST tools completely ignore it. The attack surface hides in the method namespace, not the URL. StackHawk now fuzzes every method, every parameter. REST, GraphQL, gRPC, and now JSON-RPC. We test it all. stackhawk.com/blog/json-rpc-…

Joe Sullivan (former CSO at Uber, Facebook, and Cloudflare) is leading a fireside chat at RSAC. StackHawk is co-hosting with @EndorLabs, Cyberhaven, and @brinqa . Learn more and RSVP here: endorlabs.com/events/ciso-ba…

We’re excited to welcome Regional Sales Director Suzy McClure to the team! Suzy has spent 15+ years in SaaS and cybersecurity sales, with deep channel experience at every stop. Welcome to the flock, Suzy!

We're a proud sponsor of PBC Connect at RSAC 2026 with ArmorCode Inc. The Purple Book Community is bringing together CISOs and security leaders for a full day of panels and networking at RSAC. Register for free here: thepurplebook.club/pbc-connect-rs…

Joe Sullivan sits down with Adam LaGreca of 10KMedia to discuss how AI is reshaping application security. 🎧 Listen to the full podcast here: open.spotify.com/episode/6w0JTN…

Get Joe’s full take on why he’s excited to be joining StackHawk’s BOD: stackhawk.com/blog/joe-sulli…

Joe Sullivan's word for 2026: runtime. He led security at Meta, Uber, and Cloudflare. His read: AI tools are solving code-level security. Runtime is what’s needed. That's exactly what StackHawk is built for. And that’s why he's joining our board. Welcome, Joe!

Copilot. Cursor. Full APIs in an afternoon. New endpoints. New attack surface. Nothing in any spec. Security testing not in the pipeline doesn't run at all. The AI-DLC changed everything → stackhawk.com/blog/what-is-t…

StackHawk is proud to be named a DAST Innovator in the report, and we think the timing says as much as the recognition. 🔗 Get the full report: latio.com/downloads/2026…

DAST has played second fiddle for years. Too slow. Too clunky. Too late in the development lifecycle to operationalize at scale. @latiotech's 2026 AppSec Market report confirms AppSec tool success criteria should focus on time to fix, not number of findings.

Where you run DAST determines what you can actually test for. No single stage catches everything. Each one tests what the others can't. That only works if your scanner can actually run at every stage. That's the architecture StackHawk was built on. stackhawk.com/blog/dast-in-s…