
Hello test,

AI and open source are now core to how software is built, and they are also becoming the fastest-growing sources of security and compliance risk. This month’s updates focus on practical ways to validate AI security controls, prepare for audits, and stay ahead of real-world supply chain attacks.

 
 

What's new
New resources to help you assess risk and plan next steps.

Podcast Series Launch: Securing The Build

Mend.io and Cybersecurity Ventures launched a 25-episode series, rolling out throughout 2026, hosted and syndicated by Cybercrime Magazine and reaching more than one million cybersecurity subscribers.

Episode 1 features Amit Chita on the future of AI and AppSec tooling, including how AI can serve as a force multiplier for security teams and how organizations can stay ahead of emerging risks.

 
 

AI Security Maturity Survey + Compliance Checklist

Answer the question security leaders will be asked in 2026:

“Can you prove your AI is secure?”

This 5-minute interactive survey benchmarks your AI security maturity against OWASP AIMA, NIST AI RMF, ISO 42001, and the EU AI Act, and delivers a prioritized roadmap plus an audit-ready compliance checklist you can use immediately.

 
 

Mend Forge
Early access to experimental security capabilities.

AI Agent Configuration Scanning

AI assistants introduce a new attack surface through agent configuration files. Those files need to be secured just like source code.

Mend.io is the first to introduce AI Agent Configuration Scanning, available now in Mend Forge as an experimental project. It helps teams:

  • Scan agent configuration files for risky settings and permissions
  • Enforce security policies in CI to stop misconfigured agents before production
  • Identify high-risk permissions to prevent unauthorized data access and system exposure
 
 

Popular Reads
Here’s what other security and engineering leaders are reading right now.

Automated Red Teaming: Capabilities, Pros and Cons, and Latest Trends
What automation catches, what it doesn’t.


You can’t rely on open source for security, not even when AI is involved
Why speed is not the same as security.


 
 

Upcoming Webinars
Join us live to learn how other teams are tackling modern AppSec challenges:

Malicious Packages and Malware Campaigns: The New Reality of the Software Supply Chain | Feb 26 | 11 AM ET

Open source registries are now a primary attack surface. Join Amit Chita and Ben Rieger for a technical deep-dive into real malicious-package investigations, how attacks move from developer workstations into CI/CD and production, and the exact detection and containment steps teams are using today.

 
 

Meet Mend.io in person
If you're attending, connect with our team live.

Tech Show London 2026 | March 4-5 | Excel London

If you’ll be at Tech Show London, stop by Booth C239 to see how teams eliminate vulnerable libraries fast, prioritize what actually reduces risk, and prove measurable security outcomes across AI-driven and traditional applications.

RSAC 2026 | March 23–25 | Moscone Center, San Francisco

If you’re heading to San Francisco for RSA, visit Booth #1443 to explore how Mend.io helps enterprises neutralize software supply chain risks. We’ll show you how to automate the remediation of vulnerable libraries and secure your AI-generated code without slowing down your pipelines.

 
 

Customer Quote of the Month

Yahoo Quote
 
 
See how Mend.io unifies AppSec risk across code, cloud and AI. Explore the Mend.io platform.