Hello test,

AI is already part of how teams build software, and security teams are being pushed to keep up. New risks are showing up across AI-generated code, open source dependencies, and AI-powered systems.

Teams are addressing this by securing both traditional applications and AI-powered systems with Mend AppSec and Mend AI.

AI risk needs better context

Mend.io leads in innovation with AI security testing

Security teams are shifting from tracking vulnerabilities to understanding business risk, focusing on what actually matters.

To support this shift, teams are using Mend.io to:

• Identify AI-generated code and components
• Prioritize risk based on business impact
• Apply policies to sensitive projects
• Reduce exposure from prompt injection

👉 See how Mend.io prioritizes AI risk based on real business impact

Live webinar

AI under attack: Lessons from real-world AI security incidents

April 23, 2026 | 11:00 AM ET

See how attackers are manipulating AI systems and what controls actually work.

👉 Register now

Where risk is showing up

Prompt injection is becoming a real risk

AI agents now interact with internal systems and data. This creates new attack paths where malicious inputs can manipulate behavior and bypass controls.

📺 Watch how prompt injection is exposing new AI vulnerabilities

Container security without context is just more noise

Container scans surface thousands of CVEs, but most come from base images your team can’t fix. Without context, teams spend time triaging noise instead of real risk.

👉 See how Mend.io filters container risk with VEX and reachability

How teams are moving to risk-based security

Cohen, CISO at Migdal, shared how they integrated Mend.io into development to prioritize real business risk:

“The goal was not to add another layer of scanning, but to create a continuum of control and full transparency across the SDLC, with security integrated directly into the development pipeline so findings are addressed early.”

👉 See how Mend.io integrates security into development

Popular reads

Recent attacks across npm and PyPI ecosystems show how attackers are targeting AI tooling and dependencies.
This reinforces the need for unified visibility across code, dependencies, and AI components.

• Poisoned Axios: npm account takeover, 50 million downloads, and a RAT that vanishes after install

• Famous telnyx PyPI package compromised by TeamPCP

• TeamPCP supply chain attack part 2: LiteLLM PyPI credential stealer

• CanisterWorm: The self-spreading npm attack that uses a decentralized server to stay alive

With Mend AppSec and Mend AI, teams can secure both traditional applications and AI-powered systems.

Send to a Friend ·  View this Online ·  Manage your preferences ·  Unsubscribe

Mend.io: 4 Ariel Sharon St, Givatayim 532004, Israel