Why are so many organizations still hesitant to truly experiment with AI security?
Our Security Advocate, Dr. Katie Paxton-Fear, has the answer👇
Posts by Semgrep
Detect hard-coded JWT secrets in your Express.js codebase!
Run: semgrep scan --config express-jwt-hardcoded-secret.yml ./src
This rule catches risky credential patterns that could expose your authentication.
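An illustrative rule of the kind the post describes, added here as an example and not Semgrep's published express-jwt-hardcoded-secret.yml. It assumes the app signs and verifies tokens with the jsonwebtoken package and flags any string literal used as the secret, whether passed directly or via a const:

```yaml
rules:
  - id: express-jwt-hardcoded-secret
    languages: [javascript, typescript]
    severity: ERROR
    message: >-
      JWT secret is a string literal. A secret committed to source is readable
      by anyone with repo access and lets them mint valid tokens; load it from
      an environment variable or a secret store instead.
    metadata:
      category: security
      cwe: "CWE-798: Use of Hard-coded Credentials"
    patterns:
      # Only consider code that actually imports jsonwebtoken, so unrelated
      # .sign()/.verify() methods on other objects are not reported.
      - pattern-inside: |
          $JWT = require("jsonwebtoken");
          ...
      - pattern-either:
          # Literal passed directly: jwt.sign(payload, "s3cret", { expiresIn: "1h" })
          - pattern: $JWT.sign($PAYLOAD, "...", ...)
          - pattern: $JWT.verify($TOKEN, "...", ...)
          # Literal assigned to a const first, then used later in the same scope
          - pattern: |
              const $SECRET = "...";
              ...
              $JWT.sign($PAYLOAD, $SECRET, ...)
          - pattern: |
              const $SECRET = "...";
              ...
              $JWT.verify($TOKEN, $SECRET, ...)
```

Saving this as express-jwt-hardcoded-secret.yml and running the command above reports each literal secret with its file and line; a secret read from process.env or fetched from a secrets manager does not match, because every pattern requires a string literal.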
Want to better understand the Semgrep Multimodal approach?
Rick Harp, Senior Solutions Engineer, explains what it is and how it’s different from other static analysis tools. 👇
Is your AppSec team scaling at the speed of AI, or are they still running on human-only hours? 🛡️
The timing is critical for two reasons.👇
AI-native assistants don't automatically understand your unique security practices during code development.
Custom Guardrails bridge that gap.👇
#AppSec #SecureCode
Move from "Security Gates" to "Secure Guardrails" and keep your development velocity high without the risk.
Try Semgrep today: 👇
4️⃣ Use Offensive AI:
AI isn't just the problem; it’s also the solution. Use "Offensive AI" to:
- Detect emerging issues before they become exploits.
- Automatically suggest fixes for vulnerabilities in your backlog.
- Learn from past mistakes to harden your codebase over time.
3️⃣ Enforce secure coding guardrails:
Think of guardrails as your security team’s "digital brain." By using custom rules and policies (like those in the Semgrep Pro Engine), you can set a definitive security posture that scales. If the AI suggests an insecure pattern, the guardrail stops it instantly.
2️⃣ Embed security early and continuously:
Security can't be an afterthought.
- In the IDE: Catch issues the moment they are written.
- In the PR: Enforce scans automatically to ensure no vulnerable AI code ever reaches production.
1️⃣ Assume AI code is vulnerable until proven safe:
Our studies show that 48% of code generated by major LLMs contains vulnerabilities. You must apply the same (or even higher) scrutiny to AI suggestions as you would to a junior engineer's PR.
If your team is leaning into "vibe coding" or heavy LLM usage, you need a strategy to ensure that speed doesn't turn into a liability.
Here are four essential principles for securing AI-generated code👇
Want to scan your entire codebase without touching a single CI/CD file? 🛡️
In this quick walkthrough, we show you how to scale security across your repos in minutes using Semgrep Managed Scans.
No manual config, just results.👇
#AppSec #SecureCode
Imagine an AI that reasons like a security engineer with the context of your lead developer.
Semgrep’s retrieval systems give any LLM the repo-specific nuance it needs to be reliable.👇
#AppSec
We provide secure coding feedback where it matters most: on the dev's screen.
Faster feedback = less exploitable software, less frustration from devs and less time wasted.
If a vulnerable function in your supply chain isn’t reachable, it shouldn’t derail your sprint.
If it *is* reachable, you need it at the top of the queue.
Semgrep helps teams figure this out quickly so that remediation is efficient.
🟢 Semgrep version 1.147.0 is live!
Check out all the details here👇
github.com/semgrep/semgrep/releases...
We’re just 3 days away from our exclusive boot fitting event at the San Francisco Sports Basement.
Attendance is limited and subject to confirmation.
RSVP today to get on the list 👇
semgrep.dev/events/step-into-ski-sea...
$ semgrep init --year 2026
[INFO] Initializing Future... [OK]
[INFO] Deploying: Secure_Code.v2026 [SUCCESS]
[WARN] Challenges: Loading...
Welcome to 2026❇️
Leave false positives in 2025.
Imagine 2026: An AppSec world with zero noise and 100% developer trust. By leveraging the Semgrep platform, you can silence the friction of irrelevant alerts and focus on what actually matters ➡️ shipping secure code.
🌀Learn how we’re doing it: https://semgrep.dev/
59% of developers still don’t trust AI tools to handle security.
With "vibe-coding" skyrocketing, even a small error rate creates a massive wave of new vulnerabilities.
At Semgrep, we’re bridging that trust gap.
#AppSec #AI #DevSecOps
In the world of "vibe coding," agents are powerful, but they aren’t secure.
Semgrep x Cursor Hooks changes that.
Using Cursor Hooks allows AI agents to run and test code safely in their own environment, identifying vulnerabilities and applying fixes before you ever see the code.
Last chance to join us! ⏰
Tomorrow at 9:00 AM PT, @insider.phd (Semgrep) and Aubrey King (F5) will go head-to-head on the industry’s biggest hot takes, from whether AI is actually helping security teams to why developers might not care about security.
🔗 semgrep.dev/events/unfil...
That’s a wrap on Black Hat Europe 🇬🇧
Huge thank you to everyone who stopped by Booth #816 and to everyone who joined us at our events!
We’re heading home feeling genuinely grateful for this community. Thanks for the great conversations, thoughtful questions, and good energy.
Until next time! 👋
On December 16th at 9:00 AM PT, join @insider.phd (Semgrep) and Aubrey King (F5) for a live, unscripted session where they tackle the hot takes practitioners are actually debating.
No slides. No scripts. Just two experts digging into the issues shaping 2026.
👉 semgrep.dev/events/unfil...
Still in town tonight? Join us for one more adventure: THE CUBE Experience – an AppSec Adventure 🧊
🕔 17:00–20:30 GMT | 📍 London (short tube from ExCeL)
Teams of two, gameshow-style challenges + festive dinner & drinks.
👉 Register: semgrep.dev/events/the-c...
Huge thank you to everyone who joined us for Security Sundowners on the Sunborn Yacht last night 🛥️🍸
And a big shoutout to our partners who helped make it happen: Tines, Cyera, Sublime Security, and Zenity 🙌
#BlackHatEU #BHEU #AppSec #Cybersecurity #Semgrep
Ready to shape the future of AppSec?
We are hiring across Engineering, Sales, and Marketing! Come build with us.
🌀See our open roles: https://semgrep.dev/about/careers/
Black Hat Europe is in full swing, and we’re live at booth #816 with great conversations happening all day 🙌
Come say hi to the Semgrep team to see how our AI-driven AppSec platform helps dev and security teams fix vulnerabilities earlier, reduce noise, and accelerate release velocity.
The Semgrep team has touched down for Black Hat Europe! 🇬🇧
We’re set up and ready to see you tomorrow at Booth #816. Stop by to see how Semgrep’s AI-driven AppSec platform helps dev + security teams find and fix issues earlier, cut noise across SAST/SCA/Secrets, and ship faster.