📣TODAY! Join puerco at #SOSSCommunity Day Europe as he dives into how to build a trusted end-to-end VEX stream, from code to scanner diving deep into a VEX document and explores other highlights of the OpenVEX ecosystem. Thu. Sep 19 at 10:40am CEST sched.co/1gb7z

Now available in #Minder: Profile Selectors give you the flexibility to customize how & when policies are applied to your projects. Easily customize how Minder profiles are applied to your projects, and apply the right rules to the right resources. stacklok.com/blog/flexible-…

Join Stacker Juan Antonio Osorio for an Intro to #Minder today at 10am ET / 3pm BST / 5pm EEST to get a high-level overview and demo of the project. YouTube livestream is at: youtube.com/watch?v=YvP9YG… #SupplyChainSecurity #ShiftLeft #DevSecOps

“90% of the code that's being delivered into a production environment is written by random people on the internet. And those random people are increasingly using generative AI models”—Craig McLuckie, on Stacklok donating its Minder #security supply chain platform to OpenSSF #ATO2024

🎉 Welcome to the OpenSSF family, Minder! 📣 Stacklok is contributing Minder to OpenSSF as a sandbox project! Minder streamlines #OSSSecurity, auto-remediates issues, and flags key risks for devs & security teams. 🔍 Learn more about Minder: openssf.org/guest-blog/202…

.Stacklok Donates Minder Security Project to OpenSSF | By Steven J. Vaughan-Nichols #OpenSource Craig McLuckie thenewstack.io/stacklok-donat…

.Stacklok Donates Minder Security Project to @OpenSSF #CyberSecurity #OpenSource thenewstack.io/stacklok-donat…

🔒Today Stacklok introduced CodeGate —local, open source privacy controls that work with your AI code assistant. You deploy a single container locally that encrypts secrets before they find their way into your prompts and alerts you when dangerous dependencies are suggested

While others are doing secret Santa, #GenAI builders are locally encrypting secrets w/ Stacklok's new #opensource Code Gate 🎅🎁👇

A look at four ways that AI is reshaping hacking and malware development, and how we can stay vigilant in response. @stacklokhq thenewstack.io/evil-models-an…

Working malware is easily generated from DeepSeek's R1 model with a gentle nudge and a few human edits hubs.la/Q03cyMJy0

Not easy, but effective. Hallucinations were almost entirely resolved using CURE + reverse RAG + more LLM magic hubs.la/Q03cz5nt0

15 AI Agent Papers You Should Read From February. Or, at least get the TL;DR from your favorite model hubs.la/Q03cz6jh0

"This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent config files used by Cursor and Copilot" 😟hubs.la/Q03cZTDF0

The model is the product; were investors wrong to bet on the application layer? hubs.la/Q03cZX5V0

Emergent misalignment is strongest in GPT-4o and Qwen2.5-Coder-32B-Instruct, but all fine-tuned models exhibit inconsistent behavior hubs.la/Q03cz4zK0

Three types of AI missteps during agentic coding and how to safeguard against them; thoughts from Birgitta B.. hubs.la/Q03dmPyR0

MCP: The Ultimate API Consumer (Not the API Killer) hubs.la/Q03dmRkg0

Will / should this also include code? hubs.la/Q03dmQ5D0

"AI's effects on programming jobs; doom and utopia are not our only options." hubs.la/Q03dmSPW0