Table of Contents Problem #1: “I didn’t write this bug, why is it my problem?”Problem #2: “The Dependency Hell” (Transitive Dependencies) 🔥Problem #3: “Wait, I can’t use this library? It’s open source!” ⚖️Problem #4: “The Sneaky Attack” (Advanced SAST & …
-
The Real Mechanics of Vulnerabilities in an Upstream/Downstream, Topsy-Turvy EOL World
Table of Contents In this article you’ll learnIntroductionWhat this article is aboutBack in the real worldCode FlowsA different type of waterfallUnpredictable as the weather?The idealised workflowThe ethics of vulnerability patchingUnreported is not safeDownstream’s responsibility to the ecosystemEnd of Life software …
-
The 5 Knights of the MCP Apocalypse 😱
Table of Contents 1. The “My Prompt is Leaking Secrets” Problem 🔑2. The “Is My Server a Double Agent?” Problem 🕵️3. The “Black Box of Vulnerabilities” Problem 🐛4. The “Context Pollution and Poisoning” Problem 🧪5. The “Too Many Cooks” Problem …
-
Java Security Starts with the JVM
Table of Contents 1. Security starts with timely, predictable updates Azul does it differently Why this matters 2. Long-term support = long-term security The problem Azul’s solution 3. A secure software supply chain How Azul secures the supply chain Key Takeaway 4. Beyond the JDK: proactive insights Why this matters 5. …
-
JC-AI Newsletter #8
Fourteen days have passed, and it is time to present a fresh collection of readings that could influence developments in the field of artificial intelligence. This newsletter focuses on examining how AI enhances productivity through enterprise studies, agentic system architecture, …
-
How Chat Memory Manipulation Can Ruin Your AI System
Table of Contents Do LLMs have any conversational memory?Implementing chat memory in your AI appChat messages with Java’s Langchain4JLLM chat memory injectionChat memory injection: Proof of conceptPreventing chat memory manipulation is key Do LLMs have any conversational memory? With the …
-
Save Time and Money by Reducing False Positives
Table of Contents The Production Scanning ChallengeHow AVD Architecture WorksDeployment Tagging and ReportingReducing False Positives Through Production ScanningClass-Level Precision for Maximum Efficiency Recently Azul announced that AVD (Azul Vulnerability Detection), which is our solution to scan for security vulnerabilities in …
-
Ensuring Safe and Reliable AI Interactions with LLM Guardrails
Table of Contents Understanding LLM guardrailsHow guardrails workEasily implementing guardrails with QuarkusInput guardrailsOutput guardrailsSanitizing LLM input and output Integrating Large Language Models (LLMs) into our applications is becoming increasingly popular. These models are extremely useful for creating content, searching documentation, …
-
Sonar Connect Amsterdam 2025
Table of Contents Code quality + Code security for Open Source & AI code Code quality + Code security for Open Source & AI code In the age of AI, ensuring code quality and code security is more critical than …
-
What is RAG, and How to Secure It
Table of Contents Why use RAGHow RAG Works1. Retrieval2. GenerationSecurity implications of using RAGPrompt injection through retrieved contentData poisoningAccess control gaps in retrievalLeaking PII to third-party modelsCaching risks and session bleedContradictory or low-quality informationProactive and remediation strategies for securing RAGSanitize …
-
Time to panic? AI and Cybercrime legislation is on your doorstep now
Table of Contents Accountability Cannot Be OutsourcedThe AI Act: Europe’s Regulatory BeaconThe US: Executive Orders and Sector-Specific PushUK and China: Innovation vs ControlFollowing the tech …What’s Next? As we settle into 2025, legislation around AI and cybercrime is no longer …