Source Code Management (SCM) stories

Orca Security warns that AI credentials, vulnerable dependencies and lax pipeline controls are leaving production environments exposed across US and Europe.

Cursor 3 rebuilds the coding workspace around AI agents, adding cross-repository collaboration, cloud handoffs and review tools for developers.

Kestra secures USD $25 million from RTP Global to launch Kestra 2.0, roll out Kestra Cloud and expand in North America and Europe.

Liquibase rolls out AI-backed database governance and deployment connectors for ServiceNow, GitHub, Harness and Terraform to improve auditability.

Percona teams up with Chainguard to offer supported, hardened container images for MySQL, PostgreSQL and MongoDB databases.

AppOmni upgrades Heisenberg to help teams trace GitHub Actions and spot tainted dependencies after the LiteLLM supply chain breach.

Aerospike adds durable memory for LangGraph agents to keep context through restarts, failures and concurrent sessions.

NetRise unveils Provenance, a tool to trace open source maintainers and stop risky dependencies before they spread through software.

Mimecast chief warns human risk is now cybersecurity's 'eighth layer' as malicious insiders overtake negligence in Australian attacks.

Veracode unveils an AI-driven tool that automatically fixes open-source vulnerabilities, tackling mounting security debt in software supply chains.

Aqua Security's Trivy GitHub Action was hijacked to ship infostealer code via CI/CD pipelines, exposing secrets across downstream users.

GitLab opens agentic AI to free-tier users, sets USD $0.25 flat fee for automated code reviews and expands security false-positive filtering.

SpecterOps broadens BloodHound Enterprise to map identity attack paths across Okta, GitHub and Jamf-managed Macs in hybrid environments.

Entro launches AGA to map, monitor and control AI agents in enterprises, tackling shadow AI and non-human identity risks at scale.

Ultralytics debuts an end-to-end vision AI platform, unifying labelling, training and deployment as firms demand tangible AI returns.

Cobalt launches Security Program Manager service to run enterprise pentesting, align tests with business goals and speed up remediation.

ThoughtSpot rolls out Spotter for Industries, AI analytics agents tuned to sector rules to close the “context gap” in enterprise decisions.

AI-fuelled coding drives record 29 million hardcoded secrets on GitHub in 2025, with leaks from AI tools and services surging sharply.

Secure Code Warrior launches SCW Trust Agent: AI, giving security teams commit-level visibility and control over AI-influenced code.

1Password unveils Unified Access to secure AI agents and machine credentials, promising endpoint-to-agent visibility for security teams.