Appsec roundup - May 2026

New repudiation threats, fascinating results from rewriting code in rust, a new strategic plan for OWASP, AIs love their own slop, two new books, and more!

a photograph of a robot, sitting in a library, working on a jigsaw puzzle. The robot holds up the jigsaw puzzle, and snow is falling inside the library

This month leads off with economics: James Shore explains that You Need AI That Reduces Maintenance Costs and Sarah Choudhary explains The AI Layoff Bill Is Coming Due, And CTOs Are Going To Pay It Twice.

Threat Modeling

Angelina King reports that Scammers are getting Rogers customers to mail them 'free' iPads. “This scam doesn't trick people into buying something fake. It tricks them into giving away something real,” said Toronto police officer David Coffey.
Anthropic released How we contain Claude across products. This is in the threat modeling section because it reflects thoughtful threat modeling.
Also reflecting thoughtful threat modeling, it was nice to see my work cited in Anthropic’s Using LLMs to secure source code and threat modeling skill.

Appsec

A team re-wrote UUtils in rust. Colin Funk analyzes a set of uutils coreutils CVEs . As lcamtuf says: you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not.”
OWASP has released a Strategic Plan. I’m glad to see the board stepping up to define a strategic path. There are elements that are going to be controversial (I encourage those who care about OWASP to read the plan carefully.) All up, I think it’s a good plan.
Kevin Patel delivers 🔥 with ‘No Way To Prevent This,’ Says Only Package Manager Where This Regularly Happens.
Nurullah Demir and colleagues have a paper Keys on Doormats: Exposed API Credentials on the Web, studying key exposure on the web because of Javascript, complementing github, traditional place to publish secrets you meant to keep secret.

AI

The Berryville Institute for ML has released No Badness Meter for AI.
Phil Venables talks about High Frequency Trading and Lessons for Agentic AI.
Jiannan Xu, Gujie Li, Jane Yi Jiang have a paper, AI Self-preferencing in Algorithmic Hiring: Empirical Evidence and Insights, which talks about the dramatic and shocking effect of LLM self-preference on hiring pipelines. I suspect that the impact could be much worse with LLM-driven threat modeling: Less training data might lead to a stronger preference for an LLM’s own threat models.
Feiyue Xu and colleagues released SoK: Robustness in Large Language Models against Jailbreak Attacks, which looks like a comprehensive survey of currently available methods.

Books Recieved

Bart Miller and Elisa Heymann have released their Introduction to Software Security. I’m very excited to read the final version; Bart’s work on fuzzing in the early 1990s greatly influenced how I think about both reliability and the value of random testing.
Don't Get Hacked! Protecting Yourself At Home by Steven M. Bellovin. I've been reading Steve’s books since Firewalls and Internet Security and I’m looking forward to this one!

Shostack + Associates News

Adam and Erik will be delivering our classic Threat Modeling Intensive at OWASP Appsec EU in Vienna, June 23-24.
At ThreatModCon, Adam will be leading a Mastermind session, Layering defenses: A new hope? Vienna, June 27.
Adam and team will be delivering Threat Modeling Intensive with Complete AI at Blackhat August 1-4.

Image by midjourney: ”a photograph of a robot, sitting in a library, working on a jigsaw puzzle. The robot is spotlighted by light streaming in through a small window, through which you can it's snowing.” I appreciate how this one is holding up the jigsaw and it’s snowing inside, both demonstrating AI is bad at concepts.

Originally published by Adam on 02 Jun 2026
Categories: application security software engineering security