Konvu Security Blog
Insights, guides, and best practices for security professionals and engineering teams.

Why Static Code Reachability Is Not Enough: From "Reachable" to Truly Exploitable
Learn why static code reachability isn't enough for AppSec, how exploitability analysis slashes false positives, and how Konvu turns scanner noise into real risk decisions.
Teaching AI Agents Without Fine-Tuning with Context Learning
At Konvu, we're building a culture of learning and sharing by inviting experts to share some of the tech challenges they've overcome. Konvupéro Fall Edition welcomed Anyshift's Ghazi Felhi to explore Agentic Context Engineering (ACE).
The Future of Vulnerability Management
For the past decade, security has measured progress by how many vulnerabilities it could find. That realization hit me hard after years at Datadog building cloud and application security products designed to detect vulnerabilities. Detection wasn't progress, it was paralysis.
Being a Junior Software Engineer in 2025
Being a junior engineer in 2025 looks different than it did even a few years ago. AI now handles much of the repetitive coding that used to help new engineers learn by doing. What's left are higher-leverage problems that demand judgment, curiosity, and product intuition.
Smooth Operations: Agentic Triage in Production
How Konvu uses agentic systems to autonomously triage security vulnerabilities in production, keeping sensitive code in-boundary while centralizing decisions.
Navigating Kubernetes: Hard-Won Lessons from Agent Injection Webhooks
Building a Kubernetes mutating admission webhook for production? Learn from our experience deploying agent injection across multiple clusters - from bootstrapping pitfalls to namespace scoping.
You don't need an AI agent framework, or why frameworks are the new Juicero
A practical back-to-school lightning talk on building AI agents without frameworks. The thesis is simple - build the loop, add the tools, measure, then earn the complexity.
Handling GitHub App Admin Approval Workflows
Building GitHub integrations for enterprise customers? Learn how to handle the complex admin approval workflows.
How Konvu got its name
The real story behind the Konvu name and a repeatable, two-hour process you can use to pick a strong .com without drama.
We helped build a YC Startup. Now we're building our own, The YC Way.
The principles we learned at Sqreen, and still live by at Konvu.
Using Java Dynamic Instrumentation to Detect Exploitable Vulnerabilities at Runtime
How Konvu uses Java dynamic instrumentation to identify truly exploitable vulnerabilities, reducing false positives and focusing remediation efforts.
Navigating the Maze of Maven Dependencies - A Survival Guide
A comprehensive guide to understanding and managing Maven dependencies, including conflict resolution, best practices, and common pitfalls.
How We Built Konvu for Global Scale From Day One
How Konvu built a global company from day one - lessons from US incorporation, international culture, and early market commitment by European founders.