InfoQ Homepage Security Content on InfoQ
-
Agoda’s API Agent Converts Any API to MCP with Zero Code and Deployments
Agoda engineers developed API Agent, enabling a single MCP server to access any internal REST or GraphQL API with zero code and zero deployments. The system reduces overhead from multiple APIs, supports AI-assisted queries, and uses in-memory SQL post-processing for safe, scalable data handling across internal services.
-
WhatsApp Deploys Rust-Based Media Parser to Block Malware on 3 Billion Devices
WhatsApp has rewritten its media handling library in Rust, replacing 160,000 lines of C++ with 90,000 lines of memory-safe code for 3 billion devices. The rollout, part of a system called Kaleidoscope, uses differential fuzzing to ensure bug-for-bug compatibility. The move mirrors a decade-long industry shift toward memory safety, tracing back to Mozilla's first Rust MP4 parser deployment in 2016.
-
BellSoft Survey Finds Container Security Practices Are Undermining Developers’ Own Goals
Container security incidents are becoming a routine reality for software teams, and the tools meant to protect them may be making the problem worse.
-
LinkedIn Leverages GitHub Actions, CodeQL, and Semgrep for Code Scanning
LinkedIn has rebuilt its static application security testing (SAST) pipeline using GitHub Actions and custom workflows, enabling consistent, enforceable code scanning across thousands of repositories. The redesign improves security coverage, developer workflow, and observability while supporting the company’s shift-left strategy.
-
Cedar Joins CNCF as a Sandbox Project
Cedar, an open-source policy language architected by AWS, has joined the CNCF as a Sandbox project. Designed for fine-grained application permissions, it decouples access control from code using a verifiable, high-performance policy engine. Cedar supports RBAC, ABAC, and ReBAC, offering a secure, analyzable alternative to general-purpose tools like OPA.
-
Microsoft Releases Azure Functions Support for Model Context Protocol Servers
Microsoft has launched its Model Context Protocol (MCP) for Azure Functions, ensuring secure, standardized workflows for AI agents. With built-in OBO authentication and streamable HTTP transport, it addresses key security concerns. Now supporting multiple languages and self-hosting, MCP empowers developers to deploy with ease while safeguarding sensitive data.
-
What Testers Can Do to Ensure Software Security
A secure software development life cycle means baking security into plan, design, build, test, and maintenance, rather than sprinkling it on at the end, Sara Martinez said in her talk Ensuring Software Security. Testers aren’t bug finders but early defenders, building security and quality in from the first sprint. Culture first, automation second, continuous testing and monitoring all the way.
-
AWS Expands Well‑Architected Guidance with Data Residency and Hybrid Cloud Lens
Earlier this year, AWS launched the Well-Architected Data Residency with Hybrid Cloud Services Lens, providing guidance for hybrid cloud workloads. The lens covers data classification, operational practices, automation, and compliance, helping organizations manage data location while optimizing security, cost, and resilience.
-
Magika 1.0: Smarter, Faster File Detection with Rust and AI
Google has just released version 1.0 of Magika, a substantial rewrite of its open-source file type detection system. The new version leverages AI to support a broader range of file types and is built in Rust for maximum speed and security.
-
Five AI Security Myths Debunked at InfoQ Dev Summit Munich
Katharine Jarmul challenged five common AI security and privacy myths in her InfoQ Dev Summit Munich 2025 keynote: that guardrails will protect us, better model performance improves security, risk taxonomies solve problems, one-time red teaming suffices, and the next model version will fix current issues. She said that current approaches to AI safety rely too heavily on technical solutions.
-
JFrog Unveils “Shadow AI Detection” to Tackle Hidden AI Risks in Enterprise Software Supply Chains
JFrog today expanded its Software Supply Chain Platform with a new feature called Shadow AI Detection, designed to give enterprises visibility and control over the often-unmanaged AI models and API calls creeping into their development pipelines.
-
GitHub Rolls out Post-Quantum SSH Security to Protect Code from Future Threats
GitHub has deployed a hybrid post-quantum key-exchange algorithm for SSH access, strengthening protection against future quantum decryption threats. The rollout, now live across most regions, pairs classical and quantum-resistant methods to counter “store now, decrypt later” attacks and marks a major step toward quantum-safe software development.
-
Cloudflare Proposes Merkle Tree Certificates to Solve Post-Quantum TLS Performance Issue
Cloudflare's innovative Merkle Tree Certificates (MTCs) revolutionize WebPKI, enabling a seamless transition to Post-Quantum (PQ) cryptography without performance penalties. By minimizing TLS handshake overhead and integrating Certificate Transparency, MTCs promise enhanced security while addressing latency concerns, paving the way for future-ready internet security.
-
Inside the Architectures Powering Modern AI Systems: QCon San Francisco 2025
Senior engineers face fast-moving AI adoption without clear patterns. QCon SF 2025 brings real-world lessons from teams at Netflix, Meta, Intuit, Anthropic & more, showing how to build reliable AI systems at scale. Early bird ends Nov 11.
-
Rust Rewrite Enables Cloudflare to Boost CDN Performance and Enhance Security
By adopting Rust for one of its core subsystems, Cloudflare succeeded in reducing response time by 10 ms and boosting performance by 25%. Additionally, the company emphasized that Rust made their system more secure and reduced development time.