Tag: risk management
Gemini CLI Plan Mode Separates Thinking From Doing — and Makes Read-Only the Default
Tom Smith | | agent governance, ask_user, auditability, codebase investigation, Conductor, developer approval, Gemini 3.1 Pro, Gemini CLI, MCP read-only, model routing, orchestration, plan mode, read-only, research-first, risk managementGoogle’s Gemini CLI Plan Mode enforces read-only research-first workflows—using higher-reasoning models for strategy, ask_user prompts for clarification, and read-only MCP integration—so agents propose vetted implementation plans before code changes ...
Tool Fragmentation is Breaking Delivery Context — Here’s What Teams are Learning
Arul Watson | | access control, application security, automation, CI/CD pipelines, Cloud Security, credential exposure, Cybersecurity, devsecops, incident response, risk management, secrets management, security best practices, supply chain security, token managementExplore the emerging crisis in application delivery caused by tool fragmentation in modern software development. This article discusses the need for semantic interoperability, context preservation, and a shift from linear pipelines to ...
Secrets Management Failures in CI/CD Pipelines
Johnbosco Ejiofor | | access control, application security, automation, CI/CD pipelines, Cloud Security, credential exposure, Cybersecurity, devsecops, incident response, risk management, secrets management, security best practices, supply chain security, token managementExplore the critical role of secrets management in CI/CD pipelines and its impact on cybersecurity. This article highlights the risks of credential exposure, the importance of implementing strong security practices, and how ...
4 Security Risks of AI Code Assistants
Zac Amos | | AI (Artificial Intelligence), AI agent security, Code Assistant, generative AI risks, risk managementAI coding assistants can introduce vulnerabilities, privacy risks, and dependency issues. Learn key cybersecurity practices to safely use AI in software development ...
Security Controls That Slow Teams Are Usually Poorly Designed
Venkata Nedunoori | | Approval Processes, automation, continuous change, devops, Friction Reduction, Gates vs. Guardrails, Human Oversight, incident management, Metrics for Success, operational efficiency, Policy Compliance., risk management, Security Controls, Security Workflow, Trust in SecurityDiscover strategies to enhance security controls in DevOps, emphasizing the shift from gates to guardrails and the importance of designing around real workflows ...
Lessons from 2025: The Year “Agent Mitigation” Became a Thing
Abigail Wall | | Agent Mitigation, AI agents, AI Best Practices, AI security, cloud infrastructure, Continuous Evaluation, Data Exfiltration, Environment Orchestration, Incident Analysis, incident management, incident response, Mitigation Strategies., Public APIs, reliability engineering, risk management, Security ControlsExplore the emergence of agent mitigation as a formal discipline in response to 2025's AI failures, highlighting best practices for secure and reliable AI agent deployment ...
Veracode Extends Scope and Reach of DevSecOps Portfolio
Veracode today updated its risk management tool to provide integration with Kubernetes runtime environments, increased integration with code repositories to make it simpler to identify the origin of vulnerabilities and, available shortly, ...
Avoid Security Apathy with DevSecOps
Against the backdrop of rapid digital transformation accelerated by the pandemic, every industry has seen an increase in high-level cybersecurity breaches. As organizations continue to support distributed and remote work, organizations must ...
Our API Mess is Coming
APIs are the satisfaction of a long and deep need to be able to create consistent and reliable integrations between disparate systems, operating systems and datasets. As we started to use REST-based ...
Managing Business Risk in a DevOps Context
We hear a lot in the industry about the importance of automation in DevOps to enable speed. However, there is another element that is often missing in the discussion - risk, compliance ...
Cloud Migrations Demand Risk and Compliance Maturity
The COVID-19 pandemic brought undeniable disruptions for organizations and their employees whether business, personal or otherwise. Across the globe, businesses and governments alike were forced to try and manage these disruptions. For ...
Managing Data Risk in 2021
Mitch Ashley | | data management, data privacy, data protection, data security, Imperva, risk managementYou can't protect your data if you don't know where it is stored. The first thing to consider when creating a risk-based approach to data protection is the ability to identify and ...
