DevOps.com

Nearly half of organizations have confirmed a security incident caused by a third‑party dependency, and another 39% report near misses. Cloudsmith’s KubeCon announcement attaches threat intelligence from OpenSSF directly to software artifacts, letting DevSecOps teams automatically quarantine risky packages, block those with high EPSS scores, and evaluate SBOMs for unsafe transitive dependencies, all enforced with Open Policy Agent. Get the full story on how Cloudsmith plans on closing the policy gap: zpr.io/Xyfiqz9Rgs9e #KubeCon #SupplyChainSecurity #DevSecOps

DevOps expertise is in high demand at BofA Securities, GEICO, Microsoft, Sportradar and Teladoc Health. Find out how to apply 👉 buff.ly/SAzrOaS #DevOps #Microsoft #GEICO #Jobs

A single compromised npm package can expose API keys, authentication tokens, and cloud service secrets from CI/CD pipelines, cloud environments, and developer machines. The latest campaign, using the packages sbx‑mask and touch‑adv, shows attackers are moving beyond install‑time execution, embedding malicious logic deeper so it runs only when the package is imported, evading routine inspections. Learn how these campaigns exploit the trust we place in open source maintainers: buff.ly/6GyH7Fy #SupplyChainSecurity #npm #Tech

Join Mark Miller at 𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃 at RSAC for a focused day of discussions on AI-native development, security and the future of software delivery. It is a great opportunity to hear from leaders shaping the conversation. 📍 March 23 at RSAC 🎟 Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #Cybersecurity #AI

𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃 brings together leaders shaping what comes next in software and security, and @ashimmy will be part of that conversation throughout the day. With decades of experience across DevOps, cybersecurity, cloud-native technologies, and digital transformation, he brings perspective that RSAC attendees will not want to miss. 📍 March 23 at RSAC 🎟 Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #Cybersecurity #AI

𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃 examines how development and security models evolve when AI is embedded, not layered on. Across the day, practitioners explore what teams need to understand as AI-native workflows move from experimentation into standard practice. Join the conversation at RSAC. 📍 March 23 🎟️ Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #DevSecOps #AI

🗓️ @mitchellashley brings more than 30 years of experience across software engineering, cybersecurity, DevOps, DevSecOps, cloud, and AI. At 𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃, he adds a practical perspective for attendees looking to better understand how AI is changing software delivery, security, and engineering leadership. Save your seat and make this part of your RSAC plan. 📍 March 23 at RSAC 🎟 Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #SoftwareEngineering #DevOps

How is agentic AI changing development and security? @fsmontenegro joins 𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃 to explore that shift through the lens of modern cybersecurity, attack surface challenges and evolving security architectures. 📍 March 23 at RSAC 🎟 Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #AgenticAI #Cybersecurity

𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃 panels focus on applied experience, not theory. Across the day, practitioners discuss how AI-native development affects tooling decisions, risk ownership, and collaboration between security and engineering teams. Be part of the conversation at RSAC. 📍 March 23 at RSAC 🎟️ Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #DevOps #AI

Hasan Yasar brings more than 25 years of experience in secure software development, software architecture, DevSecOps, and secure engineering practices. His perspective is especially relevant for attendees looking to understand how secure software development practices are evolving as AI becomes more embedded in modern engineering workflows. 📍 March 23 at RSAC 🎟 Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #DevSecOps #SecureSoftware

🗓️@wickett brings a practical security perspective to 𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃. As CEO of @dryrunsec, he is building AI-powered contextual security agents designed to catch issues before code is merged. His session is especially relevant for teams looking at how AI can strengthen security inside modern development workflows. 📍 March 23 at RSAC 🎟 Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #AppSec #AI

AI-native development introduces new assumptions about trust, control, and verification. @ChenxiWang, a security leader and researcher, joins 𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃 to explore how risk behaves differently when AI is embedded directly into development pipelines. Plan to attend this discussion at RSAC. 📍 March 23 at RSAC 🎟️ Included with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #SecurityLeadership #AI

vCluster Labs built its reputation on virtual Kubernetes clusters for pre-production environments. Now at NVIDIA GTC 2026, the company is adding bare metal management to its portfolio, targeting both neoclouds optimizing GPU consumption, and internal IT teams managing multi-tenant infrastructure. Read the full announcement from the show floor: zpr.io/DBiCumxfpD5M #GTC2026 #AIInfrastructure #Kubernetes

Open Source Pressure, AI Lawsuits and Mistral’s Enterprise Play x.com/i/broadcasts/1…

Open developer infrastructure matters. A new article from @devopsdotcom looks at how the Eclipse Foundation is expanding the scope and reach of the Open VSX Registry, the vendor-neutral extension marketplace for tools built on the VS Code extension API. As developer platforms and AI-enabled IDEs continue to grow, Open VSX plays a critical role in delivering trusted extensions across the open ecosystem. Read the story: hubs.la/Q045Rclk0 #opensource #DeveloperTools #OpenVSX #DevOps #EclipseFdn

𝗔𝗜 𝗡𝗮𝘁𝗶𝘃𝗲𝗗𝗲𝘃 is flexible by design. Drop in throughout the day, follow the discussions that matter most to you, and connect with practitioners working directly with AI-native development and security. Make this an easy stop during RSAC. 📍 March 23 📍 Room 306 🎟️ Free with RSAC badge 🔗 buff.ly/AAnFn1e #AINativeDev #RSAC #TechEvents

How can teams control AI-generated code at scale? Secure Code Warrior’s Trust Agent enforces policies and links model provenance to risk. Read more: buff.ly/M5TyBmG #DevSecOps #AIGovernance

OpenAI has reached an agreement to acquire Astral, the startup behind some of the Python community's most popular open-source developer tools, marking another escalation in the AI-assisted development market. The acquisition comes as Anthropic's Claude Code gains momentum among developers who prize its reasoning capabilities. Get the full story on OpenAI's newest acquisition: zpr.io/BjHV3HagH7b4 #OpenAI #Python #AIDevelopment

Lineaje has launched UnifAI, a platform that automatically discovers AI components within applications, defines security and governance policies, and autonomously generates guardrails integrated with an MCP server for AI coding tools. Discovery Agents continuously map an AI Bill of Materials to identify every model, agent, dependency, and data connection, while AI agents craft Kill-Chain models to thwart known threats using existing defenses. Learn how the platform derives application behavior intent from build tools to generate appropriate governance policies: zpr.io/4fxnVKfKjrYN #Lineaje #AISecurity #DevSecOps

Checkmarx has embedded an orchestration framework into its DevSecOps platform to simplify the management of workflows across five AI agents that discover, triage, and help remediate vulnerabilities. Read the full story on Checkmarx's AI agent orchestration: zpr.io/b3BZLqMrbuXN #Checkmarx #DevSecOps #AppSec