Appsec Weekly - Feb 21, 2026
🌶️ 🌶️ This Week in AppSec World 🌶️ 🌶️
Claude dropping that security code review capability took over X and LinkedIn. Well, the security corners of it at least. The CIBR Index is down nearly 4% over the last five days and already off 11.2% YTD. The only thing I cannot figure out is why Okta is bleeding over a code review tweet. But here we are.
I have been saying since 2023, and more importantly actually building and leveraging it, that the future of AppSec is LLM-powered tooling working alongside deterministic analysis. Not replacing it. Augmenting it. Then Anthropic drops their tweet and suddenly every incumbent, every late-stage security company is pivoting to "Hybrid Security Scanning." Everyone is racing to slap an LLM on top of their SAST scanner and calling it innovation.
Nobody in this space has a moat. Full stop.
If your entire thesis is LLM plus static analysis, you are not going to make it. That is table stakes now. The real edge is private data. Fine-tuning. Owning your model, your training pipeline, your token costs, your benchmarks. You do not need to top the public leaderboards. You need to completely dominate one language or one vulnerability category in a way no general-purpose model trained on public data can touch. That is where public benchmarks fall apart and your proprietary edge compounds.
The narrative has shifted too. We used to say ideas are cheap, show me the code. Now? Code is cheap. Bring good ideas to the table and ruthlessly run experiments. What is genuinely scarce is the judgment to know which ones are worth running and the conviction to go all in. Oh and speed. Because while everyone else is still debating the thesis in sprint planning or waiting on quarterly reviews, some of us have already shipped it, broken it, and shipped it again. Been there, done that, got the failed experiments to prove it. That competitive edge, moving fast and cheap while others are still being rational, is worth more than any moat you can draw on a whiteboard.
Security researcher Fatih Çelik reported CVE-2026-27498, where an authenticated user who can create/modify workflows can chain the "Read/Write Files from Disk" node with Git operations to execute arbitrary shell commands on the n8n host. n8n patched it in 1.123.8 and 2.2.0, so upgrade to one of those (or later) if you allow multiple people to build workflows.
Google Bug Hunters dropped a quick update on “Hybrid Protocol: The JSON Upgrade”: they’re extending the Hybrid transport so it can carry generic JSON messages, with the pitch that this unlocks new (and more secure) authentication flows on top of the same plumbing. My take: this is the kind of “small” protocol change that quietly expands what a platform can do: great for flexibility, but also exactly where edge cases and parser/interop bugs like to hide.
Alperen’s write-up is a nice reminder that “just an HTTP client wrapper” can still become an RCE gadget if it turns user input into method calls. The core mistake is using Ruby send with an unvalidated http_verb, so an attacker can swap :get for something like eval and jump from “make a request” to “run code,” especially in features that let users pick the verb (think webhook testers and proxy tools). What I like here is how fixable it is: hard allowlist real HTTP verbs and never route untrusted strings into send or public_send, even if it feels like a clean abstraction.
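The allowlist fix described above, sketched as an added example (not code from Alperen's write-up or from any real client library). StubClient, VerbDispatcher and reachable_by_send? are hypothetical names, and the stub only records calls so the block runs offline.

```ruby
require "set"

# Constructed stand-in for a real HTTP client: it only records the call,
# so the example runs offline. All class and method names here are hypothetical.
class StubClient
  %i[get post put patch delete head options].each do |verb|
    define_method(verb) { |url, **opts| { verb: verb, url: url, opts: opts } }
  end
end

class VerbDispatcher
  class InvalidVerb < ArgumentError; end

  # Hard allowlist of real HTTP verbs; anything else is rejected before dispatch.
  ALLOWED_VERBS = %w[get post put patch delete head options].to_set.freeze

  def initialize(client = StubClient.new)
    @client = client
  end

  # Audit helper: true when `client.send(name, ...)` would resolve to a method.
  # respond_to?(name, true) includes private methods, which is what send can reach.
  def self.reachable_by_send?(client, name)
    client.respond_to?(name.to_s, true)
  end

  # Hardened path: the symbol passed to public_send comes from the allowlist,
  # never directly from the caller's string.
  def request(http_verb, url, **opts)
    @client.public_send(normalize(http_verb), url, **opts)
  end

  private

  def normalize(http_verb)
    candidate = http_verb.to_s.strip.downcase
    unless ALLOWED_VERBS.include?(candidate)
      raise InvalidVerb, "unsupported HTTP verb: #{http_verb.inspect}"
    end
    candidate.to_sym
  end
end
```

Switching from send to public_send alone is not enough, because public methods such as instance_eval stay reachable; the allowlist is what closes the hole.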
I’m biased here because I’ve contributed (sourcegraph detector) to Nosey Parker, and Titus is basically that lineage brought into a Go-native tool that fits how engagements actually run: scan repos, scan binaries, and scan live HTTP traffic via Burp or a browser extension. TruffleHog already nails the “is this secret real” angle with verification, so the Titus pitch is less novelty and more execution: lots of rules, lots of surfaces, and a validation mode that helps you prioritize what matters when you have a mountain of hits.
This SafeDep post is a clean teardown of the npm SANDWORM_MODE campaign, and it reads like a checklist of what modern supply chain malware looks like: deferred execution with setImmediate, layered base64 plus zlib plus XOR obfuscation, then a temp-file dropper that writes, executes, and deletes to stay slippery.
🤖 This Week in AI Security 🤖
Anthropic announced Claude Code Security, a built-in feature in Claude Code (web) that scans codebases for vulnerabilities and suggests patches, but keeps a human in the loop for review and approval. It is rolling out as a limited research preview for Team and Enterprise users, with expedited access for open source maintainers, and Anthropic is explicitly framing this as defensive capability they want to deploy responsibly because the same tooling can help attackers move faster.
Cursor’s agent-sandboxing post gets at a problem we all recognize: once you approve a bunch of terminal commands, you stop really reading them, and that is when an agent can wipe something important or leak secrets. Their fix is practical. Run agents freely inside a sandbox and only pop an approval prompt when the agent needs to step outside, most often for network access, which they say cuts agent “stops” by about 40%.
🏆 AppSec Tools of The Week 🏆
If you’ve ever watched a SAST job run in CI and thought “cool, where did the findings go,” this Code Pathfinder update is aimed right at that gap. The GitHub Action can now comment directly on pull requests with a severity-grouped summary, and it can also leave inline review comments on the exact lines for critical and high issues, so findings show up where AppSec reviews actually happen. It’s opt-in via pr-comment and pr-inline (both default to false), and you can either keep it lightweight with PR comments only or also upload SARIF to GitHub Code Scanning if your team lives in the Security tab.
And that’s a wrap for this week! If you enjoy this curated issue, feel free to forward or share it with your appsec folks, team, or hacker club. For feedback, hugs, bugs or chats, drop an email to [email protected]


