Your AI Patches Still Break Production? The Fix Isn’t a Better Model, It’s a Better Workflow.
In our previous post, we showed how general-purpose AI coding assistants produce vulnerability patches that compile, pass tests, and still break production. The data was clear: a persistent ~20% defect rate across compatibility, correctness, and precision – not because the models can’t code, but because they skip the critical step of understanding the APIs deltas. […]
Episode 5 – Fix Everything Eventually
In this episode of Backline Unfiltered, we sit down with Mike Geehan, Head of Security Compliance & Corporate IT at Cockroach Labs, for a candid conversation about the realities of modern security — far beyond checkboxes and compliance reports.
Stop the whack-a-mole game: Turning npm Supply-Chain Chaos into Automated Remediation
In the span of a few weeks, the JavaScript ecosystem has been hit by back-to-back software supply-chain incidents. First came the s1ngularity/Nx compromise in late August. Then, this week, the Shai-Hulud campaign arrived with a twist: a self-replicating, worm-style payload that moved quickly through the npm ecosystem. Public write-ups from SCA and CNAPP vendors have […]