Konvu Security Blog
Insights, guides, and best practices for security professionals and engineering teams.

Why Static Code Reachability Is Not Enough: From "Reachable" to Truly Exploitable
Learn why static code reachability isn't enough for AppSec and how exploitability analysis slashes false positives and turns scanner noise into real risk.
Teaching AI Agents Without Fine-Tuning with Context Learning
Konvupero Fall Edition welcomed Anyshift's Ghazi Felhi to explore Agentic Context Engineering (ACE) - teaching AI agents without fine-tuning.
The Future of Vulnerability Management
For the past decade, security measured progress by vulnerability count. Detection wasn't progress, it was paralysis. Learn how agentic AI changes everything.
Being a Junior Software Engineer in 2025
Being a junior engineer in 2025 looks different. AI handles repetitive coding, leaving higher-leverage problems that demand judgment, curiosity, and product intuition.
Smooth Operations: Agentic Triage in Production
How Konvu uses agentic systems to autonomously triage security vulnerabilities in production, keeping sensitive code in-boundary while centralizing decisions.
Navigating Kubernetes: Hard-Won Lessons from Agent Injection Webhooks
Building a Kubernetes mutating admission webhook? Learn from our experience deploying agent injection across clusters, from bootstrapping to namespace scoping.
You don't need an AI agent framework, or why frameworks are the new Juicero
A practical lightning talk on building AI agents without frameworks. Build the loop, add the tools, measure, then earn the complexity.
Handling GitHub App Admin Approval Workflows
Building GitHub integrations for enterprise customers? Learn how to handle admin approval workflows, capture context, and automate installation fulfillment.
How Konvu got its name
The real story behind the Konvu name and a repeatable, two-hour process you can use to pick a strong .com without drama.
We helped build a YC Startup. Now we're building our own, The YC Way.
The YC principles we learned at Sqreen and still live by at Konvu. Build something people want, write code, talk to users, and focus on one problem at a time.
Using Java Dynamic Instrumentation to Detect Exploitable Vulnerabilities at Runtime
How Konvu uses Java dynamic instrumentation to identify truly exploitable vulnerabilities, reducing false positives and focusing remediation efforts.
Navigating the Maze of Maven Dependencies - A Survival Guide
A comprehensive guide to understanding and managing Maven dependencies, including conflict resolution, best practices, and common pitfalls.
How We Built Konvu for Global Scale From Day One
How Konvu built a global company from day one - lessons from US incorporation, international culture, and early market commitment by European founders.