Category: DevSecOps
-
Your Threat Model Will Fail – And Here’s Why
There’s a quiet assumption baked into most security programs: “If we threat model well enough, we can predict and prevent attacks.” That assumption is wrong. Not because threat modeling is useless but because it is fundamentally incomplete by design. If you’re building modern systems, cloud-native, distributed, AI-driven, your threat model will fail. The only question…
-
SBOMs Are Not Enough: What Real Supply Chain Security Looks Like
Software supply chain security has become one of the most talked-about topics in modern engineering and for good reason. Attacks are no longer just about exploiting running applications, they are increasingly about poisoning what gets built, shipped, and trusted in the first place. In response, the industry has rallied around one key concept: the Software…
-
Rethinking Container Security: From Fragmented Practices to a Simple, Usable Flow
Containerization has transformed how we build and deploy software. With tools like Docker and Kubernetes, developers can move faster than ever before. At the same time, security practices around containers have grown rapidly, image scanning, runtime controls, and Kubernetes policies are now widely discussed and adopted. And yet, for many teams, container security still feels……
-
From DevSecOps to MLSecOps: Securing the AI Development Lifecycle
In recent years, organisations have matured their software-development practices through models like DevSecOps integrating security (“Sec”) into the development (Dev) + operations (Ops) lifecycle. Now, as artificial intelligence (AI) and machine-learning (ML) systems become core to business operations, a new discipline is emerging: MLSecOps (Machine Learning Security Operations). MLSecOps takes the DevSecOps ethos but extends…
-
Securing AI Plugins and Toolchains: Defense Beyond the Model
Introduction: The Model Isn’t the Only Attack Surface When we talk about securing generative AI, we often focus on the model itself its weights, its training data, its prompt vulnerabilities. But in modern systems the model is just one piece. Many solutions chain the model with plugins, APIs, orchestration layers, agent tools, and external services.…