Name: Application Security Scanning in the Repository_ Best Practices
Start: 2022-03-15T17:00:00Z
End: 2022-03-15T17:00:43.000Z
Location: BrightTALK
Rating: 5

Mend.io offers the first AI native application security platform, empowering organizations to build and run a proactive AppSec program tuned for AI powered development. The unified platform secures AI generated code and embedded AI components, drives risk reduction through AI powered remediation, automates compliance, and provides a holistic enterprise scale view of risks and clear actions for developers across your entire codebase.
Learn more at www.mend.io

AI systems increasingly rely on system prompts to define how models behave, respond, and make decisions. Yet these instructions operate behind the scenes, hidden from traditional security controls and largely absent from today’s AppSec methodologies. As attackers grow more sophisticated, weaknesses inside system prompts are becoming a meaningful path to exploitation, enabling model manipulation, data exposure, and the bypassing of guardrails.

This session will dive into why system prompt hardening must become a core pillar of AI security in 2026. We’ll explore how prompt weaknesses form, the ways attackers target them, and why organizations struggle to measure or prioritize this new category of risk. We’ll also examine emerging approaches, including early research from Mend.io, that aim to bring structure, visibility, and standardization to system prompt security.

In this session, attendees will come away with a clear understanding of:

1. What system prompts are and why they represent a new attack surface.
2. How attackers exploit weaknesses inside prompt logic to influence model behavior.
3. Why traditional security tools fail to detect or assess prompt vulnerabilities.
4. How emerging scoring and classification methods help teams prioritize and harden prompts effectively.

Behind the Curtain of AI: Why System Prompt Security Matters

Every stage of the development process has AI woven in, which is increasing the complexity of software supply chains across the board. What does that mean for software development in 2026? For AppSec leaders and engineering teams, the question is no longer what’s happening, it’s how to respond.
In this strategic session, Amit Chita, Field CTO at Mend.io, will break down the most important shifts impacting AppSec programs in 2026 and, more importantly, what teams should be doing now to adapt. From emerging threats and evolving development models to new expectations around automation and integration, this session will help you take control of what’s ahead, and build a stronger, more future-ready security program.

Key takeaways:

-What top-performing AppSec programs will look like in 2026
-How to navigate AI, automation, and developer-first security practices
-The risks and blind spots security teams need to address now
-Practical steps to evolve your AppSec strategy for the year ahead.

Securing 2026: From Strategy to Execution

Amit Chita, Field CTO at Mend.io, explores how the rise of AI agents in the Software Development Lifecycle (SDLC) creates both challenges and opportunities. As developers adopt AI agents and embed LLMs into applications, the attack surface expands in ways traditional security can’t address. The path forward: applying a Zero Trust approach to your own AI models.

Join Ashish Rajan and Amit Chita as they dive into the new threats introduced by AI and share how to build a resilient security program for this new era.

Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI

“Secure-by-default” is no longer optional - it’s the new baseline. With AI-generated code, embedded AI components, and lightning-fast development cycles, traditional security gates are falling short. The solution lies in proactive defenses and practical auto-remediation that meets developers where they work.

In this episode, you’ll learn how to:

See practical auto-remediation in action across IDEs, pipelines, and workflows

Understand how AI-generated code reshapes threat models—and how to defend against it

Build secure-by-default systems in real organizations

Move beyond “shift-left” toward continuous, autonomous security

Watch the full conversation now and explore how auto-remediation is transforming AppSec.

How Auto-Remediation is Reshaping AppSec?

AI is moving faster than security teams can keep up, and its blind spots are multiplying. Unlike traditional applications, today’s LLMs, RAG pipelines, and autonomous agents can respond in endlessly varied ways to even slightly different inputs - making them impossible to test exhaustively like traditional code. That means new attack surfaces prompt injection, context  manipulation, multi-turn exploits, and tool misuse that static scanners and pen tests will never catch. 

This session cuts through the noise with a practical, step-by-step playbook for AI red teaming: what it is, why it matters now, and how to implement it without slowing delivery. We’ll contrast behavioral security with code security, show why SAST/DAST and classic pen tests miss prompt injection, context manipulation, jailbreaking, multi-turn exploits, and tool misuse - and map these risks across LLM apps, RAG systems, and agentic workflows. You’ll learn how to assess your exposure, choose the proper scope and objectives, balance manual creativity with automation, and operationalize continuous testing using the S-Curve maturity model - from first test to Level 3 continuous coverage.

Join us to learn how platforms like Mend AI Premium - Red Teaming can reduce risk identification and remediation time by up to 80% while meeting the rising expectations of both regulators and customers.

Key Takeaways:
-Identify AI-specific attack surfaces across LLM, RAG, and agentic systems.
-Design objective-driven red team exercises that uncover behavioral risks.
-Balance manual testing with automation for scale and regression coverage.
-Apply the S-Curve maturity model to move from ad-hoc to continuous testing.
-Translate findings into fixes, KPIs, and compliance evidence (e.g., NIST, EU AI Act).

Stop the Unknown Unknowns -  A Maturity Model for AI Red Teaming

In this session, hosted by AWS, our expert Bar-El Tayouri, talks about Mend.io’s holistic approach to AI application security addressing both component-level vulnerabilities in AI frameworks and models and application-specific contextual threats. Through AI Framework/Model Detection and Red-Teaming solutions, Mend.io provides comprehensive visibility and proactive risk mitigation for AI-powered systems.

AI-Powered Application Security: A Holistic Approach to Mitigating Modern Risks

AI is the ultimate accelerant for application development – fueling innovation at breakneck speed and making the impossible look easy. But here’s the catch: fire is a tool until it’s out of control.
In this session, we’re not just talking about AI risks – we’re playing with fire and watching what happens, straight from the terminal. We’ll exploit vulnerabilities, uncover adversarial tricks, and walk through real-world case studies that show just how easy it is to take advantage of AI risks (and how attackers are already doing it).
Expect technical code examples and a behind-the-scenes look at how attackers manipulate AI – from jailbreaking LLMs to creating AI-driven zero-days. More importantly, we’ll cover how to fight fire with fire by strengthening prompts, setting up guardrails, spotting rogue agents, and running AI-specific red team exercises.
Learn how to adapt to ensure AI delivers on its promise of a brighter future – instead of its burning threat of unforeseen risks.

Hacking & Securing AI Systems: Playing with Fire and Controlling the Flare of AI

Head from Bar-El Tayouri, Head of Mend AI at Mend.io, on the urgent need for a new approach to securing AI-driven applications. From understanding novel AI components and their risks to implementing a comprehensive AppSec program, this episode delivers actionable insights for organizations building with AI.

Beyond Traditional AppSec: Navigating the New Frontier of AI Security with Mend AI

In this episode, Bar-El Tayouri, Head of AI Security at Mend.io, discusses the rapidly evolving landscape of application and AI security - especially as multi-agent systems and fuzzy interfaces redefine the attack surface.

Topics covered include:

• Modern AppSec Meets AI Agents
How traditional AppSec falls short when it comes to AI-era components like agents, MCP servers, system prompts, and model artifacts - and why security now depends on mapping, monitoring, and understanding this entire stack.

• Threat Discovery, Simulation, and Mitigation
How Mend’s AI security suite identifies unknown AI usage across an organization, simulates dynamic attacks (like prompt injection via PDFs), and provides developers with precise, in-code guidance to reduce risk without slowing innovation.

• Why We’re Rethinking Identity, Risk, and Governance
Why securing AI systems isn’t just about new threats - it’s about re-implementing old lessons: identity access, separation of duties, and system modeling. And why every CISO needs to integrate security into the dev workflow instead of relying on blunt-force blocking.

Rethinking AppSec for the AI Era: Agents, Threat Simulation, and Smarter Risk Governance

What does it take to secure AI-based applications in the cloud? In this episode, host Ashish Rajan sits down with Bar-El Tayouri, Head of Mend AI at Mend.io, to dive deep into the evolving world of AI security. From uncovering the hidden dangers of shadow AI to understanding the layers of an AI Bill of Materials (AIBOM), Bar-el breaks down the complexities of securing AI-driven systems. Learn about the risks of malicious models, the importance of red teaming, and how to balance innovation with security in a dynamic AI landscape.
- What is an AIBOM and why it matters
- The stages of AI adoption: experimentation to optimization
- Shadow AI: A factor of 10 more than you think
- Practical strategies for pre- and post-deployment security
- The future of AI security with agent swarms and beyond

Securing AI Applications in the Cloud

Building AI agents that truly work in practice is no small feat. In this session, we’ll explore both sides of the challenge: how to design and develop agents that are effective and reliable, and how to secure them from the very beginning of the development process.

We’ll break down the core difficulties of building agentic systems - compound errors, business context, and performance trade-offs - and present a framework for structuring, planning, and evaluating agents. At the same time, we’ll examine the unique risks that surface during design and development, from architectural vulnerabilities to manipulation strategies, and demonstrate how to weave security directly into the lifecycle of agent creation.

Together, we’ll show how to move beyond theory to practice - building AI agents that are powerful, dependable, and resilient by design.

Designing and Defending AI Agents: A Practical Guide

It’s no secret that AI is transforming how we build and secure software requiring organizations to face a new set of critical questions. Is a general-purpose AI sufficient for implementing reliable security fixes, or do we need specialized models designed from the ground up with security in mind? And how can we adjust our established review and testing methods to an era where code, and even the models that generate it, may require new forms of examination?

Join our experts, Bar-El Tayouri and Amit Chita, for a dynamic discussion to explore if AppSec traditional approaches remain viable in the age of AI or whether we must reimagine our strategies and toolchains altogether:
-Harnessing AI for AppSec success: Learn how AI-driven innovations can enhance productivity, reduce risk, and create business value.
-Evolving team dynamics: Understand how AI reshapes roles and promotes collaboration between security, development, and operations teams.
-Addressing new vulnerabilities: Discover how AI-powered coding tools can inadvertently introduce risks into your codebase—and how to mitigate them effectively.
-Gain actionable insights into how cutting-edge AI capabilities are reshaping the future of AppSec, and walk away with a deeper understanding of the next steps in securing AI-driven development.

AI in the Spotlight: Exploring the Future of AppSec Evolution

Struggling to optimize your web application security tools while keeping pace with rapid updates?
In this session, our experts will guide you through the critical aspects of building a resilient application security (AppSec) program. Discover how to navigate the complex landscape of security solutions, implement effective scanning strategies, and balance security integrity with the need for agility.
Gain actionable insights as we explore the practical steps to fortify your web application security posture and elevate your AppSec program to maturity.
Join us to uncover the tools, techniques, and strategies that will transform your approach to web application. Key topics include:

-Unlocking the power of a holistic scanning approach, including SAST, SCA, DAST, IAST, API Security, AI Security, and Container Security to strengthen your defense strategy.
-Understanding the foundational components of a robust application security program, with a focus on comprehensive coverage and end-to-end app and API security.
-Overcoming common security challenges, such as integrating seamless hot-fixes into your pipeline without compromising security.

The Road to AppSec Maturity: Scanning, Coverage, and Agility

Conversational AIs powered by LLMs are everywhere now and present new and unique security, safety, and efficacy challenges that companies and their existing AppSec tools are ill-equipped to handle. Fortunately, new solutions help companies address these emerging risks without having to reinvent existing AppSec processes and best practices completely.

In this webinar, you'll discover:

-Conversational AI Risks: Understand the unique risks LLM-powered Conversational AI present.
-Beyond Traditional Security: Learn why standard tools fail to protect against these new risks.
-The Power of AI Red Teaming: Master proactive, automated testing to identify and mitigate Conversational AI risks.
-Beyond AppSec: Implement robust strategies to safeguard your Chatbots and LLMs against misuse, undesired behavior, and safety.

AI Red Teaming and the Future of LLM Security

Vulnerability detection isn’t the main problem - remediation is.
In today’s fast-paced development world, security teams are overwhelmed with alerts, while developers struggle to keep up with security tasks that feel disconnected from their workflow.
The real risk? Vulnerabilities that sit unaddressed in a growing backlog.
Join Daniel Wyrzykowski, Product Manager at Mend.io and Saoirse Hinksmon, Senior Product Marketing Manager at Mend.io as they explore:

-Why alert fatigue is now one of the biggest blockers to AppSec success
-How AI-generated code and AI-based systems have made traditional detection less effective - and remediation more urgent
-New approaches to automate, prioritize, and scale remediation
-Real-world remediation workflows that accelerate time-to-fix and reduce noise

Whether you’re planning an AppSec transformation or looking for smarter remediation strategies, this session will give you a practical blueprint to move from detection to defense - and fix faster.

The AppSec Bottleneck: Why Fixing is the New Finding

AI native development tools like Cursor, Devin, and GitHub Padawan are no longer just assistants - they’re becoming co-authors, architects, and in some cases, autonomous engineers. As these tools redefine how software is written and shipped, they raise critical questions about how we manage and secure modern codebases.
In this thought-provoking session, Amit Chita, Field CTO, and Daniel Wyrzykowski, Product Manager from Mend.io, will explore the rapidly evolving intersection of AI first software development and application security. With deep expertise in both domains, they’ll examine emerging patterns, hidden risks, and what the future might demand of security teams and engineering leaders.
Join us as we explore:
-The AI IDE revolution - how intelligent dev agents are rewriting the rules of software creation and pushing the SDLC into uncharted territory
-Code you didn’t write, but must secure - why AI generated code is forcing us to rethink trust, testing, and traditional review processes
-Security workflows on the edge - what breaks, what bends, and what survives when AI enters the pipeline
-Human vs. machine oversight - navigating the new power dynamic between developers, automation, and integrated toolchains
If you're building, breaking, or securing modern software, this is a conversation you won’t want to miss.

AI Is Writing the Code - Can Security Keep Up?

AI tools are rapidly infiltrating software development and many are being adopted without formal approval or security oversight. Developers, engineers, and data scientists are integrating various AI components such as Models, Agents, MCP servers, and more into workflows at unprecedented speed - often without informing AppSec or compliance teams. 
This decentralized adoption is efficient and can drive innovation, but it opens the door to hidden risks, blind spots, and a growing security debt, creating ideal conditions for breaches, data exposure, and compliance failures that could go undetected until it’s too late.
In this session, Mend.io EVP Product Management Nir Stern examines the security implications of Shadow AI and offers practical guidance for spotting and stopping the risks introduced by unapproved tools. 
From identifying visibility gaps and reducing governance friction to actionable mitigation strategies, you’ll walk away with a sharper understanding of how to protect your development lifecycle from AI-driven threats.

How to Spot and Stop Security Risks From Unmanaged AI Tools

In this technical webinar, Invicti and Mend.io will explore how their solutions work together to create a stronger AppSec strategy. Invicti, specializing in Dynamic Application Security Testing (DAST), will demonstrate how its real-time, black-box testing detects vulnerabilities without all the false positives. Mend.io, which  brings a broader approach to Application Security, incorporates Static Application Security Testing (SAST) and will showcase how its tools help detect and resolve security flaws early in the development lifecycle—across both proprietary  and open-source code.
Together, Invicti and Mend.io provide a comprehensive approach, addressing vulnerabilities at both runtime and code levels. Join us to learn how combining these tools strengthens application security, reduces risks, and enhances the overall software development process.

A Unified Approach to AppSec: Enhancing Security with DAST and SAST

Historically, if organizations wanted to automate and enforce application security testing, the best place to do that was within CI/CD pipelines.  As time went on, we realized that while pipeline scanning has its place in securing applications, it doesn't scale as more and more plugins are needed and with that, the task of managing them becomes its own headache.

In addition, development teams don't typically work in pipelines.  They work with code repositories, commits, merges, and pull requests.  To get closer to being truly part of a development team's native workflow, application security needed to be in the code repository ecosystem.

Learn why scanning applications in the repository is the best way to secure your applications. From enforcing policies to providing feedback on demand, to preventing context switching, scanning in the repository is the most effective way to secure your applications and reduce your risk.

Application Security Scanning in the Repository_ Best Practices

Azure

repository

appsec

whitesource

scanning

Open Source

Automation

CICD

code

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Application Security Scanning in the Repository_ Best Practices

Presented by

About this talk

Mend.io