A decadent introduction by Jade Lee Our world is made up of an astronomical amount of data. Beyond internet traffic and hard drives, we now supply a consistent stream of data through our cars, refrigerators, doorbells, and most importantly, our words. Almost the entire expanse of human thought and home can be translated into vector embeddings, […]
Redpoint Security Blog
Navigating the AI Frontier: How Redpoint Security is Integrating Artificial Intelligence into Application Security
Artificial intelligence is rapidly transforming industries, and application security is no exception. At Redpoint Security, we’ve been on a journey to understand and leverage the power of AI, not just to enhance our own capabilities, but also to help our clients navigate the evolving threat landscape and securely incorporate AI into their own applications and […]
Breaking Bad: How to Identify and Overcome Destructive Fatigue
Introduction In fields that require constant analysis, critique, and problem-solving—such as information security, auditing, and quality assurance—there’s a unique form of burnout that many professionals experience: destructive fatigue. Unlike traditional burnout, which is often tied to excessive workload, destructive fatigue stems from the mental toll of constantly tearing things down without opportunities to build. This […]
How AI and LLMs Will Shape AppSec in 2025
Four Predictions for AppSec in 2025 By Ken Johnson and Seth Law In this joint blog from Seth Law at Redpoint and Ken Johnson at DryRun Security, we highlight how 2025 will be a pivotal year for large language models (LLMs) in AppSec. Building on the momentum of 2024, LLMs are moving from novelty to […]
Redpoint Security Interns at DEFCON32
Adelyn Wengreen, a first-time Def Con attendee My first experience at DEF CON was awesome. As someone still new to this industry, I had no idea what to expect going in, but I really enjoyed the whole weekend. My favorite presentation was My Conversations With a GenAI-Powered Virtual Kidnapper by Perry Carpenter. He talked about […]
The experience of a beginner in the field of Appsec.
My name is Trevon Greenwood, and I am a Junior Security Analyst at Redpoint Security. This post outlines my experience as a beginner in the field and what a day at work looks like for me. I have been with Redpoint for just over a year now, so I think I’ve accrued enough experience as […]
AppSec Travels 3: Account Takeover
During a recent assessment, our team came upon a vulnerability that felt like finding a hidden door in a seemingly secure fortress. The discovery involved the password-reset mechanism of an application, allowing us to reset any user’s password with just their email address. This flaw circumvents authentication, giving unauthorized access to user accounts. Here’s how […]
Polyfill io and Surveyor’s Continuous Dependency Monitor
In the aftermath of the polyfill supply-chain attack that reportedly compromised the security of some 100,000 applications across the Internet last week (arstechnica reports that over 384K sites are still pulling the package subsequently), our team at Redpoint realized quickly that it was a real-world case of feature within Redpoint’s Surveyor tool. That is, lead […]