Mend.io | LinkedIn
Software Development
Boston, Massachusetts 33,987 followers
Welcome to the AI Native World! Software’s DNA has changed. The rules of application security will never be the same.
About us
Meet the AI native AppSec platform built for enterprise scale At Mend.io, we believe security should empower, not block. Our mission is to make application security frictionless for developers and scalable for security teams without compromise.
Industry
Software Development
Company size
201-500 employees
Headquarters
Boston, Massachusetts
Type
Privately Held
Founded
2011
Specialties
container security, open source security, application security, DevSecOps, AppSec, SAST, SCA, Static Application Security Testing, vulnerabilities, dependencies, Software composition analysis, open source compliance, container security scanning, dependency updates, secure code, secure coding, open source licenses, code scanning, SBOM, Software supply chain security, SSCS, and AI Red Teaming
Updates
-
4h Edited
The AI that writes your code is also the one best at breaking it. Same capability, pointed two directions. So when it tells you the code is safe, who's actually checking? Not the model that wrote it. That's self-attestation, not verification. Not the lab that ships it. Their job is to prove it's safe, not to find every reason it isn't. This month drove it home: the US government pulled Anthropic's top models over a single cyber jailbreak, while OpenAI opened frontier cyber capability wide with Daybreak. Opposite bets, same truth underneath. AI made finding vulnerabilities cheap and loud. The hard part now is verification, which findings are real, reachable, and actually closed fast enough to keep up with code that never stops generating. That needs an independent layer. Neutral across whatever wrote the code. The only structure that holds. The independent layer always existed. Frontier models just made it urgent. Mend.io's EVP of Product, Asaf Saar, breaks it down ⬇️ https://bit.ly/4a6kOQk
AI-Generated Code Security: Why AI Can't Self-Verify
- Mend.io was proud to participate in the OWASP San Antonio Supply Chain Security Summit last week. The half-day event brought together practitioners across AppSec, third-party risk, detection engineering, and incident response — for a refreshingly honest look at where supply chain security stands today. Three themes that stuck with us: 1. The kill chain is longer than most teams realize. Supply chain attacks don't happen in isolation. From initial vendor compromise to lateral movement and exfiltration, the stages are well-defined — and traditional defenses are missing critical detection points along the way. 2. AI is now an attacker's tool, not just a defender's. Adversaries are using LLMs to forge identities, exploit dependency ecosystems, and accelerate vulnerability discovery at scale. If your threat model hasn't been updated to account for this, it's already outdated. 3. Threat-informed defense has to extend to suppliers. SBOMs, continuous supplier monitoring, and zero trust principles for vendor relationships aren't nice-to-haves — they're table stakes for any organization with a meaningful third-party footprint. The closing panel asked the harder question: what's the supply chain threat we're not ready for? From open source dependencies to AI model supply chains, the accountability gaps between vendors and customers remain dangerously wide. Thanks to Joseph Gregorio and the entire OWASP San Antonio team for putting together such a high-signal event. And a special shoutout to Dima Gorbonos and Dan W. Smith for representing Mend.io — you made us proud. #SupplyChainSecurity #AppSec #OWASP #CyberSecurity #SoftwareSupplyChain #OpenSourceSecurity #Mend
- 🔍 Think you can spot a malicious package before it hits production? Frontier Stack Inc. has a problem buried somewhere in their supply chain. Your job: find it in 90 minutes. On June 18th, https://bit.ly/3SFAjIW, Chainguard, and Cloudsmith are hosting a live, team-based Capture the Flag where the threat is real, the clock is ticking, and the stakes are higher than a typical Tuesday. This is not a demo. Not a slideshow. You'll: → Hunt a real dependency attack through a deliberately ungoverned supply chain → Trace how far the blast radius reaches → Build the policy that would have caught it first → Compete for a Raspberry Pi 5 🍓 11 AM EDT | June 18th | Register at the link in comments #SupplyChainSecurity #AppSec #DevSecOps #CaptureTheFlag #SoftwareSupplyChain
- Your backlog is growing. Your team isn't. And the window between finding a vulnerability and seeing it exploited just got a lot smaller. AI is changing how software gets broken: faster code generation, smarter discovery tools, and AI-assisted exploitation mean the clock starts ticking the moment a flaw exists. Join Saoirse Hinksmon and Daniel Wyrzykowski as they break down what's actually shifting in AppSec, and what your security program needs to do about it. 📅 Thursday, June 25th @ 11 AM ET 🔗 Register now: https://bit.ly/4xyPQdO
- Which AI myths CISOs can no longer afford to believe? Our Co-Founder and CEO, Azi Cohen, weighs in on Cyber Security Tribe. His take: AI hasn't replaced the fundamentals of security. It's made failures in those areas far more expensive. The real challenge isn't finding more AI security tools. It's operationalizing security across an AI-driven development lifecycle: continuous visibility, developer-native remediation, and automation at enterprise scale. Read the full piece 👇 https://bit.ly/4a26QyT #CyberSecurity #AppSec #CISO #AISecuity #SoftwareSupplyChain #DevSecOps #Mend
-
2w Edited
🤠 Frontier Stack Inc. has been compromised. We need your posse. Somewhere in their supply chain, an outlaw package is hiding. You've got 90 minutes to find it. Join Mend.io, Chainguard, and Cloudsmith on June 18th for a live, team-based Capture the Flag — where you'll hunt a malicious package through a real (deliberately ungoverned) software supply chain before it hits production. This isn't a webinar! It's a hands-on threat hunt: → Investigate a real dependency attack scenario → Trace the blast radius → Build the policy that would have stopped it → Win a Raspberry Pi 5 🍓 11 AM EDT — register now [link in comments] "Frontier Stack didn't have a gate. Now you've seen what one looks like." #SupplyChainSecurity #AppSec #DevSecOps #CaptureTheFlag #SoftwareSupplyChain
- Mend.io reposted this
Big day at the Gartner Security & Risk Management Summit in beautiful National Harbor, DC! Find Mend.io in the Application Security section of the exhibit floor, the buzz here is real. If you're at the conference, stop by and see how we are redefining what's possible. Built for every risk, across AI Security and AppSec. Congratulations to **Scott Jeffries from DETR** today's winner of the Bose headphones raffle! Well deserved! Not a winner today? Don't worry **all raffle tickets roll over to tomorrow**, so your shot at the next prize is still very much alive. Stop by, say hello, and stay in the running! See you there. Scott Snowden Gary M. Segal Rich Graham Stephanie Broyles #AppSec #AISecurity #GartnerSRM #Gartner #ApplicationSecurity #Mend
- We’re live today. If dependency updates are piling up faster than your team can review and merge them, this webinar is for you. Join Jamie Tanna and Amir Shahmiri today to learn how security and development teams can better govern dependency risk, reduce exposure windows, and use automation to keep remediation moving. 🗓 Today | 11:00 AM ET 🔗 Save your spot: https://lnkd.in/e-dxpyVR
-
3w Edited
Open source licensing was already complicated. Then AI came along and rewrote the rules. Our Complete Guide to Open Source & AI Licensing 2026 gives engineering, legal, and security teams a clear compliance framework built for the way modern software is actually developed. Compliance red flags – highest-risk licensing scenarios and how to address them AGPL & GPL compliance – how copyleft behaves in AI delivery Open weights vs. open source AI – what the distinction means for your obligations Compliance workflow – covering code, models, datasets, and deployment Link in comments. #OpenSource #AILicensing #AGPL #GPL #Mendio