AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
In this episode of Application Security Weekly, host Mike Shema and guest John Kinsella dive into the latest AI-driven security threats and shifts in software development. The discussion begins with the Anthropic Claude Code leak via a compromised NPM map file, highlighting how even junior researchers can uncover critical vulnerabilities. The team then examines the Axios NPM supply chain compromise, where a maintainer was socially engineered into installing malware, underscoring the importance of secure publishing practices and organizational response. The conversation shifts to agentic coding, with Cloudflare’s MDash project presented as a secure-by-design alternative to WordPress, emphasizing modular, agent-friendly architecture. The episode explores the future of AppSec, questioning whether traditional vulnerability detection is sufficient in an era of AI-generated code. This leads to a deep dive into identity and access risks, with Raj Mallempati of Blue Flag Security and Idan Plotnik of Apiiro discussing how non-human identities—especially AI agents—introduce new attack surfaces. Apiiro’s 'Secure Prompt' technology is highlighted as a proactive solution that prevents vulnerabilities before code is generated by enriching prompts with real-time software and compliance context. The episode concludes with a call to evolve AppSec from reactive detection to seamless, intelligent prevention.
AI-generated code demands a shift from reactive vulnerability detection to proactive, secure-by-design development.
Supply chain attacks like the Axios NPM compromise highlight the need for secure publishing workflows and organizational response readiness.
Non-human identities (AI agents, bots) are now critical attack vectors—visibility and least-privilege enforcement are essential.
Tools like Apiiro’s Secure Prompt enrich AI prompts with software graph and compliance data to prevent vulnerabilities before code is written.
The future of AppSec lies in contextual, intelligent prevention rather than noisy, shift-left alerts that hinder developer velocity.
AI-Driven Supply Chain Scares: The Claude Code Leak
“Go interns. Junior researchers, junior developers are having their moment despite the world of AI.”
Axios NPM Supply Chain Compromise: A Modern XZ Utils
“How quickly can teams respond to this? For folks who have individual projects, sorry, hope things went okay. But for those out there in corporate land, how quickly did your corporate respond?”
Agentic Coding: From Bug Finding to Secure Design
The conversation shifts to AI’s role in finding bugs (e.g., in Vim, Emacs, Linux kernel), but the hosts argue that AppSec should focus on secure design over vulnerability hunting. Cloudflare’s MDash project is presented as a secure-by-design alternative to WordPress.
The Future of AppSec: Identity, Access, and AI Agents
“The real way to sort of in our perspective is how do I identify the root cause and fix the root cause of the problem? Right. And that's fundamentally the access...”
Secure Prompt: Preventing Vulnerabilities Before Code is Written
“We prevent for the first time in AppSec before code is generated. Gotcha. So I want to talk about how this changes the software development lifecycle itself.”
“The whole benefit of letting AI create the code is you're reducing friction, everything is happening more quickly. So if the security product response to that is let's slow this down like no more.”