GitLab announced the general availability of GitLab Duo with Amazon Q.
Contrast Security announced the release of Application Vulnerability Monitoring (AVM), a new capability of Application Detection and Response (ADR).
AVM works within applications to find application and API vulnerabilities in production and correlate those vulnerabilities with attacks. Accurately identifying the issues in production with AVM results in lower overall cyber risk.
“Traditionally, application and API security testing happened before production, without any insight into real attacks or how software actually runs in production. As a result, development and AppSec teams are drowning in theoretical risk and false positives. By identifying the real, exploitable risks in a running app in production, and enriching them with details about real attacks and exploits, AVM automatically enables teams to focus on the risks that matter, before attackers find them,” said Jeff Williams, founder and CTO of Contrast Security.
Contrast Security’s Application Detection and Response operates with intelligent sensors inside the application layer to identify and respond to attacks and defects in applications and APIs. It gives SecOps the behavioral context it needs to see and understand how attackers are targeting and exploiting applications, while simultaneously reducing the attack surface by pinpointing and prioritizing vulnerabilities. With the added capabilities of AVM, SecOps teams, AppSec teams and DevOps teams can collaborate to prioritize and close exposed vulnerabilities in both custom code and libraries.
Application Vulnerability Monitoring allows organizations to tackle well-known security problems:
- Solve for expanding application attack surface: Organizations using AI to accelerate development often struggle to manage their expanding attack surface. AVM provides continuous visibility within production applications, enabling secure innovation minus the risk.
- Solve for application risk blind spots: Organizations struggle to prioritize application vulnerabilities. The combination of AVM and ADR allows them to see the real exploitable risks in production and what’s actually being attacked. This allows SecOps to deploy compensating ADR controls while developers are implementing a permanent fix.
- Solve for inefficient incident response: Organizations can’t always identify the vulnerabilities exploited in a security incident because they are using traditional tools. The combination of AVM and ADR can now allow them to rapidly see the entry point, the context surrounding it and the necessary fix.
- Solve for zero-day attacks: Organizations are blind to unreported vulnerabilities with traditional approaches. Contrast AVM and ADR work within the application, continuously analyzing behavior and identifying vulnerabilities in real time, so that organizations can stop and fix issues before they are widely known.
Contrast’s managed service, Contrast One, is also available for both AVM and ADR, for organizations that want expert assistance running their application security program.
Industry News
Perforce Software and Liquibase announced a strategic partnership to enhance secure and compliant database change management for DevOps teams.
Spacelift announced the launch of Saturnhead AI — an enterprise-grade AI assistant that slashes DevOps troubleshooting time by transforming complex infrastructure logs into clear, actionable explanations.
CodeSecure and FOSSA announced a strategic partnership and native product integration that enables organizations to eliminate security blind spots associated with both third-party and open source code.
Bauplan, a Python-first serverless data platform that transforms complex infrastructure processes into a few lines of code over data lakes, announced its launch with $7.5 million in seed funding.
Perforce Software announced the launch of the Kafka Service Bundle, a new offering that provides enterprises with managed open source Apache Kafka at a fraction of the cost of traditional managed providers.
LambdaTest announced the launch of the HyperExecute MCP Server, an enhancement to its AI-native test orchestration platform, HyperExecute.
Cloudflare announced Workers VPC and Workers VPC Private Link, new solutions that enable developers to build secure, global cross-cloud applications on Cloudflare Workers.
Nutrient announced a significant expansion of its cloud-based services, as well as a series of updates to its SDK products, aimed at enhancing the developer experience by allowing developers to build, scale, and innovate with less friction.
Check Point® Software Technologies Ltd. announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.
Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.
The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.
Backslash Security announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.
SmartBear launched API Hub for Test, a new capability within the company’s API Hub, powered by Swagger.
Akamai Technologies introduced App & API Protector Hybrid.