  • JVMXRay Life’s Lessons

    Shameless plug for my JVMXRay project. ;o) [More…]

  • Observable Software Supply Chains in Java

    Ask most Java shops what their software supply chain looks like and you’ll get a copy of a pom.xml or a build.gradle.  Ask them what actually got loaded into the JVM at runtime and the room goes quiet.  Those are different questions, and the gap between them is where supply chain risk quietly lives.  A build file is [More…]

  • Application Observability: AI Can’t Secure A Problem It Can’t See

    Most of the AI security conversation right now centers on prompt injection, jailbreaks, and guardrails. That work matters, but it skips a more fundamental question: when your AI-enabled application is actually running, do you know what it is doing when it executes?  Not what your code says it was supposed to do.  What it is actually doing. [More…]

  • AI Security, A Different Approach

    There are a number of approaches to application security proven useful over the years: web application scanning, static analysis, and methodologies that embed security into the software development lifecycle like “shift left.”  Did any of these prepare us for the AI revolution?  Early on, security practitioners noticed many of the old attack techniques we’d built [More…]

  • Setup JVMXRay To Monitor Your Java Application Security

    JVMXRay is a free, open-source Java agent that gives you runtime visibility into what your application is actually doing — file access, network connections, process execution, class loading — without changing a single line of your code.  This guide walks you through cloning, building, and attaching JVMXRay to a Java application in about ten minutes. Prerequisites [More…]