Developer Certification with DevSecOps 2.5
Advanced Developer Certification now available with DevSecOps Suite 2.5! Rank all your developers to get a Certification Score.
Cortex 🤖 is Better, Safer, Faster, Easier with the 1.7 release! 🚀 We are also introducing 🎯 tiered responses from Cortex and Pervaziv-LLM based on your subscription package. Install from VSCode Marketplace. We released Cortex 1.5 with Model Context Protocol (MCP) on November 10, 2025. 📣 Since then we have captured feedback from users in
Binaries Demystified! DevSecOps 2.4 can now scan, unpack and analyze Windows packages/binaries (in addition to previously released Unix ones) for security issues and vulnerabilities. We’ve covered the entire gamut of what’s feasible to reconstruct with the help of AI. Previously in DevSecOps 2.2, we released the Package Analyzer with support for UNIX-based packages and binaries.
We are officially launching our brand new Research Hub at Pervaziv AI. Let’s dive into the state-of-the-art initiatives we’ve undertaken.
Introduction Security vulnerabilities are rarely isolated incidents. In real-world systems, weaknesses tend to cluster, cascade, and compound, often stemming from the same underlying design or validation failures. As part of our research to build models that can detect and remediate vulnerabilities automatically, we analyzed the Top 25 CWEs, their scope, parent–child relationships, and correlations across
Every line of software, from the first punch-card programs to today’s AI-generated code, carries with it the imprint of the language that created it. As languages evolved to help developers write bigger, faster, and smarter programs, they also shaped the types and frequency of vulnerabilities that attackers exploit. In this blog, we’ll take you
The MITRE ATT&CK framework describes how real adversaries operate, not theoretical vulnerabilities. For application security teams, ATT&CK provides a powerful lens to move beyond static bug-finding toward attack-path thinking, runtime defense, and measurable risk reduction. This article walks through each core ATT&CK tactic from an AppSec-first perspective, focusing on how attacks manifest inside applications, APIs,
Retrieval-Augmented Generation (RAG) is increasingly becoming a practical pattern for building smarter, safer, and more reliable developer tools. By combining large language models (LLMs) with trusted external knowledge sources, RAG enables applications to generate context-aware responses grounded in real, up-to-date information. In the domains of application security and software development, this approach unlocks powerful use
Penetration Testing Tools for Applications Penetration testing tools in application security are used to simulate real-world attacks and validate whether weaknesses in an application can be exploited. The workflow begins with reconnaissance and attack-surface discovery, where tools map domains, APIs, endpoints, parameters, authentication flows, and user roles. This phase often includes technology fingerprinting, dependency identification,
What Is Confidential Computing? Confidential Computing is a security approach that protects data while it is actively being processed, not just when it is stored on disk or transmitted over a network. Traditional security models focus on encryption at rest and encryption in transit, but they leave a critical gap: once data is loaded into