Blog

Research, write-ups, tutorials.

How AppSec changes when agents write the code. Logic flaws, MCP, agent-time security. New every week.

14 articles
Research

Business Logic Flaws in AI-Generated Code: Why Your Scanner Is Blind

SAST finds injection; it cannot see broken authorization, missing tenant scoping or a negative-quantity cart. Why AI agents ship business logic flaws, and how to catch them at agent-time.

CYBEDEFEND · 13 min read
Security

MCP Security: Tool Poisoning, Prompt Injection, and How to Lock Down Agent Tools

The Model Context Protocol gives AI agents real tools, and a real attack surface: tool poisoning, rug pulls, prompt injection. How the attacks work and how to block them at agent-time.

CYBEDEFEND · 19 min read
Security

Vibe Coding Security: The Risks You Ship With, and How to Catch Them

Vibe coding ships features fast and vulnerabilities faster: hardcoded secrets, broken auth, injection, no input validation. The real risk classes by CWE, and how to secure vibe coding at agent-time.

CYBEDEFEND · 17 min read
Security

Windsurf Security: Risks, Controls, and Best Practices

Windsurf's Cascade agent edits files, runs commands and calls MCP tools. The real security risks, what the built-in controls cover, and how to secure Windsurf.

CYBEDEFEND · 24 min read
Security

Claude Code Security: Risks, Controls, and Best Practices

Claude Code reads your repo, runs shell commands and calls MCP tools. The real security risks, what built-in controls cover, and how to secure it.

CYBEDEFEND · 21 min read
Security

Cursor Security: Risks, Controls, and Best Practices

Cursor reads your repo, runs tasks and generates code fast. Here are the real Cursor security risks, what built-in controls cover, and why they fall short.

CYBEDEFEND · 22 min read
Release

Rust SAST is mostly theatre. We just shipped the real one.

Most Rust SAST is pattern matching: false positives plus missed bugs. Here is why dataflow analysis catches the SQL injection, XSS and SSRF it cannot.

CYBEDEFEND · 9 min read
Security

GitHub Copilot Security: Risks, Controls, and Best Practices

GitHub Copilot security explained: where its content exclusions, secret scanning and IP indemnity help, the real risks they miss, and how to close the gap.

CYBEDEFEND · 23 min read
Security

OpenAI Codex Security: Risks, Controls, and Best Practices

OpenAI Codex security explained: what its sandbox and approval modes cover, the top risks from command injection to supply chain, and how to govern it.

CYBEDEFEND · 23 min read
Product

VibeDefend Just Shipped. Your AI Agent Has New Rules, Installed in 5 Seconds.

One npx line wires Claude Code, Cursor, Codex, Windsurf and VS Code Copilot into your governance layer: business rules, OWASP, SOC 2 and GDPR, action guards.

CYBEDEFEND · 10 min read
Research

Why your scanner reports 1,200 vulnerabilities and only 12 are real

Open any SAST report and you see hundreds of red flags. A field guide to reachability, exploitability and business logic, and why scanners confuse them.

CYBEDEFEND · 9 min read
Research

The $0 Shopping Cart: Why Your "All-Green" SAST Report Is Lying To You

Their CI/CD was perfect. Snyk ran, Dependabot watched, every indicator was green. Ten minutes into the audit, I bought their entire inventory for 0 euros.

CYBEDEFEND · 5 min read
Research

The Evolution of Secure by Design in the AI Era

AI is redefining Secure by Design, turning static security into proactive defense. See how AI agents predict and prevent threats before they happen.

CYBEDEFEND · 7 min read
Live · just shipped

Install VibeDefend in 5 seconds.

One command. Every coding agent on your laptop wired to CybeDefend: business rules mined from your code, security rules from the frameworks your auditors expect, action guards that block dangerous calls before they fire.

Install in 5 seconds (Node 18.17+):
npx -y @cybedefend/vibedefend@latest install
Auto-detects:
  • Claude Code
  • Cursor
  • OpenAI Codex
  • Windsurf
  • VS Code Copilot