Is Runtime Protection the Next Step in Securing the Software Supply Chain for Web Hosts?

Cycode, a Complete Application Security Posture Management (ASPM) platform, just announced two major advancements for its users.

The first is real-time, runtime protection powered by Cimon memory integrity monitoring. The second is a full suite of AI agents that are designed to detect/remediate software vulnerabilities.

Lior Levy, CEO of Cycode, said these tools go beyond identifying and mitigating vulnerabilities and instead take monitoring a step further.

“[I]t’s about preventing them from being exploited in the first place, and equipping security teams with intelligent, autonomous tools to operate at the speed of modern development,” said Levy.

Cycode’s runtime protection uses memory integrity monitoring to continuously check build and deployment processes so nothing can be tampered with, even if backup protections fail.

“The recent surge in sophisticated attacks like tj-actions underscores the urgent need for a paradigm shift in application security,” said Levy.

The tj-actions attack, which occurred in March, exposed software supply chain secrets in thousands of GitHub repositories.

Then there’s the launch of Cycode’s automated agentic AI suite, AI Teammates, which is described as a step up from copilots or assistants.

“Cycode’s AI Teammates operate like members of your security crew: informed, autonomous, and able to carry out tasks across detection, prioritization, and remediation,” the press release read.

AI Teammates comes with a suite of mini-agents that are designed to zero in on specific aspects of the process:

• Risk Intelligence Graph Agent: Provides hard-to-find answers across code repositories, workflows, secrets, dependencies, cloud assets, and more.
• Change Impact Analysis Agent: Tracks code changes in pull requests and flags anything that can seriously impact security.
• Exploitability Agent: Helps security teams and developers tell the difference between harmless issues and real, exploitable vulnerabilities hidden in scan results.
• Fix & Remediation Agent: Goes beyond just “suggesting a fix” by offering code fixes that fit your frameworks, coding style, and variable names.

Powering the suite is the Model Context Protocol, a resource and tool layer that lets AI Teammates operate the way they should.

The press release reads: “It enables every teammate to reason with full organizational context, not just isolated files or scan results. Think of it as the ‘operating system’ for your AI teammates.”

Yes, Cycode’s latest advancements are tailored for software development teams. But web hosting providers are stepping into similar territory.

Today’s modern hosts are expanding their offerings to include dev tools, including site-building tools, deployment pipelines, and even code repositories, like GitHub’s REST API.

In the managed WordPress space, we’ve seen this with plugins and theme ecosystems.

These additions make it easier than ever for users, especially those who aren’t tech-savvy, to build sites that look professional. But with that convenience comes complexity.

Each new integration or customization point becomes a potential entryway for attackers. If third-party plugins or user-generated code aren’t frequently checked, vulnerabilities can slip in.

There are a few trends within the web hosting space that industry leaders will recognize:

• DevSecOps (Development + Security + Operations) is gaining traction in hosting as security becomes a top priority. The market could hit $41.66 billion by 2030 with a 30.76% CAGR.
• The vibe coding movement (where tools can generate functional code in seconds) is also gaining popularity, especially among novice developers.

Roni Gurvich, Cycode’s Head of AI, warns that these two trends are what’s fueling the rise in security threats.

“As the era of the 10X developer accelerates and ‘vibe coding’ becomes the norm, security teams are drowning in vulnerabilities they can’t keep up with,” said Gurvich.

It’s an excellent point: Not all web hosting customers are developers, and small business users typically lack security expertise.

And quite often, even the best tools only matter if they’re built into the platform. The fact is, users want simplicity without having to worry about technical issues or server configuration.

For hosting providers, it’s an opportunity to highlight your platform’s automated safeguards and build trust by reassuring customers that it transparently does all the security work for them.

But whether or not it’s tech from Cycode, tools that can automatically analyze third-party components before and after deployment are becoming more relevant.

The era of trust is sadly over: In 2024, 35.5% of global breaches were tied to third-party vulnerabilities, up from 29% in 2023. And 75% of third-party breaches targeted the software and technology supply chain.

“At Cycode, we believe the answer is smarter, autonomous AI agents that work alongside security teams as teammates identify, prioritize, and fix issues before they become threats,” said Gurvich.