Cycode

2X Product Security All-Star, Nikola Dalcekovic has spent years securing a global enterprise. Hundreds of engineers. Multiple R&D regions. High-profile products across industries where software failure has real-world consequences. His take for 2026: product security is extending into governing behavior, not just defending code. Nikola, Cybersecurity Officer, Prosumer Software, at Schneider Electric and returning Product Security All-Star, shares his full approach in the report. → Read all interviews here: https://lnkd.in/g_GdRd3U #ProductSecurity #AllStars2026 #Cycode

AI will make code cleaner. The attack surface will still grow. Here's the math that gets lost in the optimism: AI doesn't just try to reduce risk per line, it dramatically increases the number of lines created. Even a lower rate of risk at 100x the volume is still a larger total attack surface than messier code written by humans alone. So what actually gets harder as AI scales? Not detection. Detection gets cheaper. Judgment. Deciding what's actually exploitable in your environment. Which team owns it. Whether to interrupt a sprint or wait. Which remediation path won't break production. Every AI product ships with the same disclaimer: "AI can make mistakes. Please double-check responses." The most capable models in the world still tell you a human needs to own the output. Application Security is no different. The advantage in application security isn't going to come from who finds the most issues. It's going to come from who prevents them earliest and helps organizations decide what to do about the rest. We wrote about why cleaner code alone isn't the answer: https://lnkd.in/gnSCXGZV

Product security has changed more in the last year than in the previous decade. It’s not a trend. Not a prediction. AI has turned anyone into a builder. Code is shipping faster than teams can understand, prioritize, or secure it. Autonomous systems can find and exploit vulnerabilities at machine speed. More scans, more alerts, more triage is hitting a wall. After hundreds of nominations and a review of Product Security leaders, we're excited to introduce the top leaders. Meet the 2026 Product Security All-Stars: the innovators and practitioners from StoneX, Schneider Electric, GitLab, Ciena and more who are defining what secure agentic development looks like. → Read the report: https://lnkd.in/gPFx_fGt Nikola Dalcekovic (2X All-Star), Cybersecurity Officer, Prosumer Software, Schneider Electric Priya Balasubramaniam, Head of Innovation Center, Product & Application Security, Ciena Anshuman Bhartiya, AI AppSec Engineer Miriam Celi (She/Her), Director of EIP Security Architecture, Humana Julie Chickillo, VP, Head of Cybersecurity, Guild Education Jamie Dicken, Director of Security Platforms and Architecture, GitLab Daniel Hammon, CISSP, MBA Hammon, Director, Information Security and Compliance, Signifyd Conleth Kennedy, Application Security Manager, Unum Kevin Markley, Senior Manager of Platform Security, Veeam Kimberly M., Product Security Leader Cássio Batista Pereira, Senior Application Security Evangelist, StoneX Group Rusty Perry - M.S., MBA, Enterprise CISO Leader Chase Pettet, Principal Security Engineer, Life360 Michael Westphal, DevSecOps Lead, Harman #ProductSecurity #ApplicationSecurity #AllStars2026 #Cycode

Mapping sensitive data is the first step toward removing the fear of AI. In this clip, Chris P. (CISO at Unity) shares a practical strategy for moving from intangible anxiety to a prioritized roadmap. He explains that by mapping sensitive data sources and their interconnections, security leaders can empower their teams to build with clarity. When you understand how AI interacts with your most critical assets, you can stop worrying about every hypothetical risk and start focusing on what actually matters. Watch the full session and catch up on all the insights from the Product Security Summit in our recap blog. Read the full recap here: https://lnkd.in/eZ2Y-BwV #ApplicationSecurity #ProductSecurity #AI #CISO #DataSecurity #CyberSecurity #Unity

Big #hugops to the team at Vercel for the transparency on their most recent security incident. A couple things stand out from this: 1️⃣ AI-driven tooling created new visibility gaps that attackers were able to exploit 2️⃣ This may be the first major platform to openly say a breach was significantly accelerated by AI With agents, a single attacker can now do what used to require a coordinated team. The next 12 months aren’t about whether attackers use AI. They already do. They’re about whether defenders can match the tempo. The software supply chain isn’t what it used to be. It’s dynamic, AI-driven, and operating at machine speed. At Cycode, we’re here and we’re committed to helping teams navigate what comes next.

Cycode is excited to attend Clutch Events' San Francisco Secure Software and AppSec Summit on May 14. This is a fantastic opportunity to dive deep into the evolving landscape of application security and DevSecOps. Stop by to meet our team and learn how our agentic development security platform is helping organizations secure their software lifecycle with speed and precision. Best of all? Registration is completely free. Register here: https://lnkd.in/gcg-83Yh The Cycode team on the ground: Joe Donnelly, William Derksen, Amir Kazemi, Monica Nio, CMP #AppSec #Cybersecurity #DevSecOps #Cycode #SoftwareSecurity

Cycode is thrilled to be part of GPSec NYC on April 21. We are looking forward to a full day of networking and innovation at the premier cybersecurity event hosted by GuidePoint Security. The threat landscape is moving faster than ever. Join us to explore how our agentic development security platform provides the visibility and protection needed to stay ahead. The event is free to attend for qualified participants. Secure your spot and come say hello to the team. Request your registration here: https://lnkd.in/duf9sk3J We look forward to seeing you in the city! 🍎 Our team on the ground: Eric Kim, Brandon Vella, Dan Kehew #GPSEC #Cybersecurity #NYC #DevSecOps #Cycode

94% Of the first 100 Maestro conversations, that’s how many invoked at least one agent skill beyond a plain text response. The most complex requests required 3+ sequential tool calls before producing an answer. This is where the distinction between "AI chat" and "agentic security" becomes real. It is also where practitioners are finding significant time savings. In the first 100 conversations, practitioners saved an estimated 60 hours as they offloaded complex tasks and leveraged Maestro to plan, query, analyze, and report. Read the full analysis of the first 100 Maestro conversations: https://lnkd.in/ggjEJMKg

You cannot build a quality product with poor raw materials. In this clip, Cássio Batista Pereira (Application Security Evangelist at StoneX Group Inc.) shares a powerful analogy. Just as you need high quality wood to build a sturdy wardrobe, you need high quality requirements to build secure software. By focusing on the raw materials of the development process, which are the requirements, security teams can prevent vulnerabilities before a single line of code is even written. Catch the full session and more insights from our Product Security Summit in our recap blog. Read the full recap here: https://lnkd.in/eZ2Y-BwV #ApplicationSecurity #ProductSecurity #SoftwareDevelopment #SDLC #CyberSecurity #SecureByDesign

A year ago, the hardest problem in product security wasn't the technology. It was the conversation. It was about aligning engineering, leadership, and the entire organization on the idea that security isn’t a bolt-on. It’s the foundation. The 2025 Product Security All-Stars cracked that code. Practitioners from GitLab, Schneider Electric, Meta, and beyond turned a discipline fighting for legitimacy into one that sets the pace for the business. They proved security could feel like velocity, not friction. Then, AI changed the stakes. The old playbook of more scanners, more alerts, more triage has hit a scalability wall. Soon we will announce the 2026 Product Security All-Stars leading in this new reality. But first, we celebrate the leaders who laid the foundation. Read the 2025 Product Security All-Stars Report: https://lnkd.in/g_jfVgAB #ProductSecurity #AppSec #AllStars2025 #Cycode