Your AI Patches Still Break Production? The Fix Isn’t a Better Model, It’s a Better Workflow.

In our previous post, we showed how general-purpose AI coding assistants produce vulnerability patches that compile, pass tests, and still break production. The data was clear: a persistent ~20% defect rate across compatibility, correctness, and precision – not because the models can’t code, but because they skip the critical step of understanding the API deltas. […]
CVE-2025-68664: A Case Study in How AI Agent Velocity Is Stress-Testing Vulnerability Management

The proliferation of AI Agents is creating a “Vulnerability Gold Rush.” While developers are racing to ship features using LangChain, LiteLLM, and the new Claude/OpenAI SDKs, the underlying libraries are evolving so fast that security patches are frequently entangled with massive breaking changes. For an organization running dozens of agents, this isn’t just a maintenance […]
Episode 5 – Fix Everything Eventually

In this episode of Backline Unfiltered, we sit down with Mike Geehan, Head of Security Compliance & Corporate IT at Cockroach Labs, for a candid conversation about the realities of modern security — far beyond checkboxes and compliance reports.
Stop the whack-a-mole game: Turning npm Supply-Chain Chaos into Automated Remediation

In the span of a few weeks, the JavaScript ecosystem has been hit by back-to-back software supply-chain incidents. First came the s1ngularity/Nx compromise in late August. Then, this week, the Shai-Hulud campaign arrived with a twist: a self-replicating, worm-style payload that moved quickly through the npm ecosystem. Public write-ups from SCA and CNAPP vendors have […]