Blog
Before it gets a number
CitrixBleed 3 is the third memory overread of its kind in three years. CVEs label what got hacked. CWEs are what was sitting in the code.
The Decision Is Already Ours
Two American companies are giving opposite answers to what AI is for. China has a third. Europe is silent. The decision belongs to the rest of us.
Local Models Are Not Frontier. They Are Enough.
Five labs shipped open-weight models in ten days. The frontier keeps moving but the floor moves faster. What local models are now enough for, and what they are not.
Your Dependencies Are Someone Else's Attack Surface
Supply chain attacks have escalated sharply in fifteen months. Shai-Hulud, Axios, TeamPCP, and what you can do about it.
Project Glasswing Has a Blind Spot. It's You.
Glasswing gave 50 organizations access to AI-powered vulnerability discovery. What about the other 33 million developers?
Introducing quodeq
Why we built an AI-powered code quality compass, and what makes it different from static analysis.