Is Runtime Protection the Next Step in Securing the Software Supply Chain for Web Hosts?

Writer: Jordan Sprogis

Jordan Sprogis, Contributing Expert

Jordan Sprogis is a creative writer and tech researcher who has been working on online content for the better part of a decade. She holds a bachelor's degree in professional writing from Western Connecticut State University and has devoted much of her career to crafting content for various web verticals, including CyberSpyder and The Echo. Since joining HostingAdvice, Jordan has combined her storytelling ability with her fascination for advancements in technology to pen over 500 articles geared toward industry pros and newcomers alike.

Editor: Lillian Castro

Lillian Castro, Senior Editor

Lillian Castro brings more than 30 years of editing and journalism experience to our team. She has written and edited for major news organizations, including The Atlanta Journal-Constitution and the New York Times, and she previously served as an adjunct instructor at the University of Florida. Today, she edits HostingAdvice content for clarity, accuracy, and reader engagement.

Reviewer: Cristian Lopez

Cristian Lopez, News Manager

Cristian Lopez uses his Business Marketing background from the University of Illinois at Chicago to create comfortable environments for customers, clients, and colleagues to share their thoughts and ideas openly. From interviewing tech leaders to conducting UX market research projects, Cristian knows the importance of storytelling — a key variable for innovation and inspiration. His goal at HostingAdvice is to wow readers on the ever-evolving nature of the tech industry and bring his audience the most reliable and exciting content on all things hosting.

Follow the HostingAdvice team for a daily dose of tech news, trending IT discussions, and interviews with the web's most innovative technologists.
Follow Us:
2.7k
1k

Cycode, a Complete Application Security Posture Management (ASPM) platform, just announced two major advancements for its users.

The first is real-time, runtime protection powered by Cimon memory integrity monitoring. The second is a full suite of AI agents that are designed to detect/remediate software vulnerabilities.

Lior Levy, CEO of Cycode, said these tools go beyond identifying and mitigating vulnerabilities and instead take monitoring a step further.

“[I]t’s about preventing them from being exploited in the first place, and equipping security teams with intelligent, autonomous tools to operate at the speed of modern development,” said Levy.

Cycode’s runtime protection uses memory integrity monitoring to continuously check build and deployment processes so nothing can be tampered with, even if backup protections fail.

Man on the telephone in front of a computer screen that reads 'security breach'
The last thing any provider wants is to hear from a client about a security breach. Active runtime protection helps prevent this. (Source: Shutterstock)

“The recent surge in sophisticated attacks like tj-actions underscores the urgent need for a paradigm shift in application security,” said Levy.

The tj-actions attack, which occurred in March, exposed software supply chain secrets in thousands of GitHub repositories.

Then there’s the launch of Cycode’s automated agentic AI suite, AI Teammates, which is described as a step up from copilots or assistants.

“Cycode’s AI Teammates operate like members of your security crew: informed, autonomous, and able to carry out tasks across detection, prioritization, and remediation,” the press release read.

AI Teammates comes with a suite of mini-agents that are designed to zero in on specific aspects of the process:

Powering the suite is the Model Context Protocol, a resource and tool layer that lets AI Teammates operate the way they should.

The press release reads: “It enables every teammate to reason with full organizational context, not just isolated files or scan results. Think of it as the ‘operating system’ for your AI teammates.”

Why Web Hosts Should Pay Attention

Yes, Cycode’s latest advancements are tailored for software development teams. But web hosting providers are stepping into similar territory.

Today’s modern hosts are expanding their offerings to include dev tools, including site-building tools, deployment pipelines, and even code repositories, like GitHub’s REST API.

In the managed WordPress space, we’ve seen this with plugins and theme ecosystems.

These additions make it easier than ever for users, especially those who aren’t tech-savvy, to build sites that look professional. But with that convenience comes complexity.

Each new integration or customization point becomes a potential entryway for attackers. If third-party plugins or user-generated code aren’t frequently checked, vulnerabilities can slip in.

There are a few trends within the web hosting space that industry leaders will recognize:

Roni Gurvich, Cycode’s Head of AI, warns that these two trends are what’s fueling the rise in security threats.

“As the era of the 10X developer accelerates and ‘vibe coding’ becomes the norm, security teams are drowning in vulnerabilities they can’t keep up with,” said Gurvich.

It’s an excellent point: Not all web hosting customers are developers, and small business users typically lack security expertise.

Vibe coding lets developers quickly create code with AI…but bad code can sneak in vulnerabilities. (Source: Shutterstock)

And quite often, even the best tools only matter if they’re built into the platform. The fact is, users want simplicity without having to worry about technical issues or server configuration.

For hosting providers, it’s an opportunity to highlight your platform’s automated safeguards and build trust by reassuring customers that it transparently does all the security work for them.

But whether or not it’s tech from Cycode, tools that can automatically analyze third-party components before and after deployment are becoming more relevant.

The era of trust is sadly over: In 2024, 35.5% of global breaches were tied to third-party vulnerabilities, up from 29% in 2023. And 75% of third-party breaches targeted the software and technology supply chain.

“At Cycode, we believe the answer is smarter, autonomous AI agents that work alongside security teams as teammates identify, prioritize, and fix issues before they become threats,” said Gurvich.

About the Author

Contributing Expert

Jordan Sprogis is a creative writer and tech researcher who has been working on online content for the better part of a decade. She holds a bachelor's degree in professional writing from Western Connecticut State University and has devoted much of her career to crafting content for various web verticals, including CyberSpyder and The Echo. Since joining HostingAdvice, Jordan has combined her storytelling ability with her fascination for advancements in technology to pen over 500 articles geared toward industry pros and newcomers alike.

« BACK TO: BLOG

Meet the Experts

Our team of experts with a combined 50+ years of experience in web hosting serve insight and advice to more than 20 million users!

We Know Hosting

$

4

8

,

2

8

3

spent annually on web hosting!