Seal Security

Computer and Network Security

We don't just find open source vulnerabilities. We fix them!

About us

Seal Security’s AppSec Remediation Agent delivers real, human-vetted, production-ready fixes for open source vulnerabilities - resolving risk directly in your applications without slowing teams down.

Website: https://seal.security
Industry: Computer and Network Security
Company size: 11-50 employees
Headquarters: New York
Type: Privately Held

Updates

  • Seal Security is heading to BSidesKC, Inc this weekend! We’ll be sharing insights from our latest research on the Silent Patch Gap and diving into Mythos and the evolving AI SDLC landscape. If you’re attending, come find us - we’d love to connect and discuss what’s next in automated open source vulnerability remediation. Read more about the research here: https://lnkd.in/ehgKXw3s

  • We’re entering a new reality in security. The gap between fix commit and advisory has always existed - but with agents, that gap is now actively being weaponized. Our CEO Itamar Sher breaks down what this means, why traditional disclosure timelines are no longer sufficient, and how we’re thinking about closing the window. If you’re relying on advisories as your trigger point, this is worth a watch. More details about the program - https://lnkd.in/ehgKXw3s

    A short explainer on the research we released yesterday, with additional information on our Mythos Readiness Program

  • Anthropic told the world on April 7 that Claude Mythos turns a fix commit into a working exploit in minutes. What they didn't say out loud: the disclosure process most of the industry relies on was already leaking exploits, long before Mythos. We studied historical security fix commits and CVE data across all programming languages, and spent Q1 watching 100,000+ JavaScript repositories and handing security-patching commits to a blind Sonnet 4.6 agent - no CVE id, no advisory text, nothing a human analyst would normally read first. Here's what fell out:

    → 94% of CVEs have a public fix commit before the advisory
    → Median patch gap: 11 days. Critical CVEs: 30 days
    → Maven: 167 days.
    → 97 working exploit POCs generated from the diff alone
    → 99% of security fixes can be applied surgically without breaking code changes using Seal

    If your SCA scanner waits for NVD, GitHub Advisory, or OSV, your attackers have already read the commit, prepared an exploit using agents, and still have weeks of a head start. Today we're launching the Mythos Readiness Program - for the 99% of companies that aren't inside Anthropic's private Glasswing review. 50 companies get full access to the Seal platform, plus implementation support from our engineers to integrate it into agentic pipelines. Same fixes, weeks earlier than the advisory. No upgrade required. No supply-chain risk. No vendor lock. Anthropic gave defenders 100 days. We intend to use them. A link to apply is in the first comment. Or comment with “agentic sealing” and we’ll contact you directly.

  • Following the emergency summons of bank CEOs by Secretary Bessent and Chair Powell, one thing is clear: legacy defenses are no match for AI-driven threats. We’re entering an era of autonomous attacks and AI-powered exploitation - and banks are now expected to patch at machine speed, without risking downtime. At Seal Security, we enable Surgical Patching: precision backporting of fixes into the exact versions you already run. Join our webinar hosted by our CPO & Co-Founder, Alon, to learn how leading banks are adapting in real time

  • Trust in the software supply chain isn’t optional - it’s everything. At Seal Security, we don’t just talk about security - we engineer it into every layer of what we deliver. Because when our packages run in your production, our security becomes your security. In this post, our CTO Lev Pachmanov - with a background in Applied Cryptography and experience from Unit 8200 - pulls back the curtain on how we protect our own supply chain - from cryptographic design to real-world key management and verification under adversarial conditions. No buzzwords. No hand-waving. Just how it’s actually built. Read more: https://lnkd.in/eDzGwgeM

    Our remediated packages run directly in our customers’ production environments. If we’re compromised, so are they. That’s the reality of operating in the software supply chain. So we decided to document how we secure ourselves - not a high-level overview, but the actual engineering decisions and controls behind the scenes. With a background in Applied Cryptography, this isn’t just professional for me - it’s personal. “Good enough” isn’t good enough when it comes to signing, verification, and key management. These systems need to stand up to real adversaries. If you’re evaluating vendors that sit in your supply chain, don’t just ask what they secure - ask how. We’re always open to sharing the details. Read more: https://lnkd.in/e6PHDVKM

  • AI-generated code is already transforming how engineering teams build. But securing it at enterprise scale? That’s a whole new challenge. At Seal Security, we’re helping organizations take control of the risks that come with AI-assisted development - without slowing innovation down. Want to see how it works in practice? Come meet the Seal team at OWASP® Foundation BASC today and learn how to:

    ● Remediate vulnerabilities in AI-generated code
    ● Detect and mitigate risks from malicious or compromised libraries
    ● Maintain secure, compliant development workflows
    ● Scale security without blocking developers

    If you’re thinking about how to safely adopt AI in your SDLC, this is a conversation worth having. See you there 👇

  • Seal Security reposted this

    Anthropic’s Mythos preview is one of those moments where you need to recalibrate your mental model of security. This isn’t just "AI helps find bugs faster." This is AI compressing the entire lifecycle from discovery → weaponization → exploitation.

    A few takeaways:
    • Autonomous discovery and exploitation across real systems
    • Thousands of high-severity vulnerabilities uncovered (including decades-old ones)
    • Working exploits generated with minimal expertise
    • ~10–100× performance vs. human teams

    For years, defenders relied on time:
    • Time between discovery and exploit
    • Time before widespread abuse
    • Time to triage and remediate

    That buffer is disappearing. And manual remediation doesn’t scale anymore - not because teams aren’t good, but because the problem is now operating at machine speed.

    Where this is going: We’re moving from find → prioritize → fix to "continuous, automated remediation at AI speed"

    Bottom line: If vulnerabilities can be discovered and exploited instantly, they need to be fixed just as fast. That’s exactly what we’re building at Seal - enabling teams to automatically remediate vulnerabilities at the pace of AI, not weeks or months later. If this shift is on your radar, happy to connect.

  • 👉 "If I have a high vulnerability that I won’t have a patch for 3-4 months… my SLA is already broken." Kyle Kurdziolek, VP of Security at BigID, put it simply: at scale, keeping up with vulnerabilities puts SLAs constantly at risk. Here’s what changed: "Seal Security delivers a pragmatic solution that can be easily integrated within our CI/CD pipelines." Instead of waiting months for fixes: ✔️ Patch vulnerabilities immediately ✔️ Stay on the same library version ✔️ Remediate at the speed of AI "I can now patch without upgrading… and keep my libraries vulnerability-free." Faster remediation. Stronger compliance. Actually practicing what you preach.

  • Seal Security is honored to be named a Cyber 150 winner by Richard Stiennon. The Cyber 150 program recognizes mid-sized vendors driving real impact through innovation and execution. At Seal, we're redefining how organizations handle open source vulnerabilities with an agentic approach - automatically remediating issues at scale without disrupting development. Thank you, Richard, for recognizing Seal Security among a new generation of companies pushing cybersecurity forward. Explore the full Cyber 150 for 2026 list: https://lnkd.in/esb6vFKF

  • Seal is growing 🚀 Our mission is to build the AppSec agent - a system that actually fixes vulnerabilities, not just finds them. We’re rethinking how organizations handle open-source security by automating remediation at scale. And this is becoming critical in a world where AI is generating more and more code - faster than humans can realistically secure it manually. We’re looking for exceptional people to join us on this journey. We’ve just opened new roles: 👉 https://lnkd.in/eZMucPNc

    If you’re excited about:
    - Building autonomous security systems
    - Working on real-world AppSec problems at scale
    - Moving fast with a strong, focused team

    We should talk. Feel free to apply or tag someone who’d be a great fit 🙌
