Familiar = Dangerous: Dark Mode Phish, Admin Drift & Contractor Creep
Smart Links in Email Campaigns Are Being Weaponized
Attackers are abusing marketing link shorteners (like Mailchimp, SendGrid, or HubSpot) to bypass email scanners and redirect users to phishing pages after the click.
Treat marketing redirects as potential phishing vectors. Rewrite or strip URLs server-side and scan the final destination before the browser resolves it.
“Trusted” Contractor Access Isn’t Being Revoked Promptly
Freelancers, vendors, and seasonal staff often retain access weeks or months beyond project end—especially to GitHub, CMS, or billing portals.
Link contractor access to expiration policies. Enforce project-based timeouts and notify owners before renewals or auto-revocation.
Local Admin Privileges on Mac Devices Go Unchecked
Many Mac fleets still grant local admin rights by default—especially in BYOD or hybrid setups—enabling untracked installs, tunneling, and persistence.
Shift to privilege-on-demand models. Log elevation events and alert when privilege is granted outside of change windows.
“Dark Mode” Phishing Is Fooling Mobile Users
Attackers are designing phishing pages in dark mode themes to mimic common mobile UIs and accessibility settings—making domain indicators harder to read.
Train for visual phishing cues beyond branding. Encourage mobile URL inspection and warn when site contrast settings don’t match expectations.
Dev Teams Are Reusing Secrets Across Environments
Staging, QA, and production environments often share identical API keys, DB passwords, or webhook secrets—making lateral movement trivial.
Force separate secrets per environment. Rotate regularly and deny multi-environment credentials by policy.
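One way to check for this reuse, shown as an added example rather than code from the original post: it compares secret values across per-environment `.env` files and reports any value that appears in more than one environment, even under different variable names. The variable-name pattern, the function names, and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Assumption: variables whose names match this pattern hold secrets.
SECRET_NAME = re.compile(r"(KEY|SECRET|PASSWORD|PASSWD|TOKEN)", re.I)
# Per-run random key: fingerprints cannot be used for offline guessing later.
RUN_KEY = os.urandom(32)

# Constructed sample .env contents for three environments (not real credentials).
SAMPLE_ENVS = {
    "staging": 'API_KEY=shared-value-123\nDB_PASSWORD="stg-pw"\nLOG_LEVEL=debug\n',
    "qa": "API_KEY=qa-value-456\nDB_PASSWORD=stg-pw\nLOG_LEVEL=debug\n",
    "production": "# prod\nWEBHOOK_SECRET=shared-value-123\nDB_PASSWORD=prod-pw\nLOG_LEVEL=debug\n",
}


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    pairs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        pairs[name.strip()] = value.strip().strip("'\"")
    return pairs


def find_shared_secrets(envs):
    """Return {fingerprint: [(env, name), ...]} for secrets used in 2+ environments."""
    seen = defaultdict(list)
    for env, text in envs.items():
        for name, value in parse_env(text).items():
            if value and SECRET_NAME.search(name):
                # Fingerprint so the report never contains the secret itself.
                fp = hmac.new(RUN_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]
                seen[fp].append((env, name))
    return {fp: sorted(uses) for fp, uses in seen.items()
            if len({env for env, _ in uses}) > 1}


if __name__ == "__main__":
    for fp, uses in find_shared_secrets(SAMPLE_ENVS).items():
        where = ", ".join(f"{env}:{name}" for env, name in uses)
        print(f"REUSED secret (run-local fingerprint {fp}): {where}")
```

Run as a CI gate, a non-empty result can fail the build, which is one way to enforce the "deny by policy" half of the recommendation.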
Monitoring Dashboards Are Not Alerting on Data Pulls
While most dashboards alert on login attempts, few monitor data export events, massive filter queries, or “download all” behavior—leading to silent leakage of intellectual property.
Integrate dashboard logging with SIEM. Alert on behavioral outliers like CSV exports, wide filters, or large record loads by non-technical users.

