DevSecOps

The Great Decoupling: Scaling the Outer Loop for the Agentic Era
The "Inner Loop" of software development—the iterative cycle of writing, building, and debugging code—has just broken the sound barrier. With the emergence of agentic coding tools like Claude Code and GitHub Copilot ...

When AI Goes Really, Really Wrong: How PocketOS Lost All Its Data
You can't make this crap up. You just wish you could. Jer Crane, founder of the small vertical software company, PocketOS, reported on X that the AI Cursor coding agent and a ...

Microsoft Turns to Anthropic’s Mythos to Improve Cyber Defense
Microsoft has unveiled plans to incorporate Anthropic’s Claude Mythos Preview model and other AI models into its Security Development Lifecycle, embedding AI directly into the stages where code is written and tested ...

How to Manage Operations in DevOps Using Modern Technology
How modern DevOps teams manage operations using automation, observability, AIOps and self-service to reduce toil and improve reliability ...

AI Agents in DevOps: Hype vs. Reality in Production Pipelines
The demos look super cool! An AI agent detects a failing deployment, rolls it back, opens a GitHub issue, and notifies Slack — all before the on-call engineer has finished reading the ...

Bad Actor Drops 36 Malicious Packages in npm, Targets Guardarian Users
The npm code repository is again being used by a bad actor to launch a supply chain attack that includes three dozen malicious packages that appear as Strapi CMS plugins but deliver ...

Is Your AI Agent Secure? The DevOps Case for Adversarial QA Testing
Adversarial QA testing helps validate AI agents under real-world conditions, exposing risks like prompt injection and logic failures ...

Latest Typosquatting Attack Targeting VS Code Tools Hits Windsurf IDE
Cybersecurity researchers from Bitdefender, a provider of an endpoint detection and response (EDR) platform, have discovered an extension to the Windsurf integrated development environment (IDE) that steals credentials and data after code ...

GitHub to Leverage User Code for AI Model Training, Allows Opt-Out
GitHub is preparing a significant change to how it trains the AI models behind its Copilot coding assistant. Beginning April 24, the Microsoft-owned platform will collect user interaction data by default to ...

Lineaje Adds Ability to Automatically Apply Governance Policies to AI Components
Lineaje this week unfurled a platform that automatically discovers the artificial intelligence components of an application, defines security and governance policies, and then autonomously generates guardrails. At the core of the Lineaje ...

Harness Extends AI Security Reach Across Entire DevOps Workflow
Harness today added an ability to automatically secure code as it is being written by an artificial intelligence (AI) coding tool in addition to adding a module to its DevOps platform that ...

Malicious NPM Package Gets Downloaded 50K Times Before Discovery
A malicious package downloaded approximately 50,000 times from a node package manager (npm) is providing an object lesson for adopting more DevSecOps best practices. Security researchers from Tenable discovered a “ambar-src” package ...

