DevOps.com

AI is reshaping software supply chain threats. A new JFrog report found hundreds of malicious AI models and extensions targeting developers. AI attacks are accelerating. Read the full article to learn more: buff.ly/N6Eh7DV #DevSecOps #AISecurity

Hybrid incidents slow down when network, infrastructure, and app data live in separate tools. This webinar explores how teams are improving visibility, reducing MTTR, and identifying root causes faster across hybrid environments. Register now: buff.ly/X4vD7pC

Most data delays aren’t caused by missing data. They’re caused by the friction of turning business questions into trusted datasets. This webinar explores how agent-first data integration is changing that. Register now: buff.ly/zdS3kkO

Sol Duara is advancing DevOps interoperability by contributing its open source Conduit orchestration platform to the CD Foundation. The move is expected to encourage broader support for CDEvents, a specification designed to reduce friction across diverse DevOps tools and platforms. Find out more 👉 buff.ly/mjWJQJG #DevOps #CDFoundation #CDEvents #OpenSource

Docker is wrapping AI agents in a governance framework that enforces exactly which network endpoints, directories, credentials, and MCP tools an agent can touch. Every session runs inside a microVM‑based sandbox with a hard boundary, and every tool call is routed through a single authentication and logging chokepoint. learn how centralized policy enforcement can keep autonomous agents from becoming a liability: zpr.io/VL3QLUiBsgbP #Docker #AIGovernance

AI is testing software supply chains. Mike Vizard talks with Brian Fox, Co-founder & CTO of Sonatype, about open source security debt, vulnerability backlogs and the risk of chained exploits. Watch: techstrong.tv/videos/intervi… #Cybersecurity #AI

Perplexity has found that the fight to maintain security has moved to the engineer’s messy desktop.  @devopsdotcom devops.com/perplexity-bum…

This week’s DevOps job roundup includes a Staff Site Reliability Engineer at Okta in San Francisco, focused on FedRAMP, and a Senior DevOps Engineer at Lockheed Martin in Annapolis requiring a clearance. See the full list for all ten roles and the pay scales on offer here: zpr.io/X4uFMaXnZ2AF #DevOpsJobs #Tech

Developer desktops are a growing security blind spot. Perplexity’s open-source tool Bumblebee scans engineer machines for vulnerable software & risky AI configs. Read more: buff.ly/AZYJlau #Cybersecurity #DevSecOps

AI pilots are easy. Operationalizing AI at scale is the hard part. This webinar examines how organizations are moving from experimentation to measurable business outcomes while balancing operational, stakeholder, and roadmap pressures. Register now: buff.ly/uzxOFOK

Developers can now check lockfiles for vulnerabilities while writing code, entirely offline, using CVE Lite CLI’s cached CVE database. The tool produces ready‑to‑paste fix commands for npm, pnpm, Yarn, and Bun, moving security checks out of the CI queue and onto the developer’s machine. Learn how OWASP’s newest incubating project is making early dependency scanning practical and portable: zpr.io/RHPAEApdxmS7 #OWASP #CVE #DevSecOps

RISC-V is pushing beyond embedded systems into high-performance computing. This webinar examines SiFive’s latest performance cores, RVA23 support, and why enterprise interest in open standard architectures is accelerating. Register now: buff.ly/kJp0Qfg

Disconnected monitoring tools create disconnected incident response. This webinar explores how teams are unifying network, infrastructure, and application visibility across hybrid environments to reduce MTTR and surface root causes faster. Register now: buff.ly/X4vD7pC

🚀 OpenTelemetry has become a core observability standard. Mike Vizard talks with Chris Aniszczyk of the CNCF about OTel’s graduation, tracing, telemetry data and why AI agents will need stronger instrumentation. Watch: techstrong.tv/videos/intervi…

DevOps doesn't have a firewall problem; it has an identity problem. 🔐 Move beyond static RBAC & MFA: continuous identity scoring, short-lived tokens, and behavior-based enforcement. Make trust dynamic. buff.ly/ofAPFJu v/ @devopsdotcom #DevSecOps

The real AI lock‑in fight has nothing to do with which model tops a leaderboard because models will change, prices will change, and leaders will change. The deeper battle is over who controls the operating layer where agents meet tools, data, policy, identity, and workflows. See how Open Source is framing the infrastructure question before the agent layer gets captured: zpr.io/d584SVtScXxA #OpenSourceSummit #AI #MCP

🚀 Software risk is becoming a board-level issue. Mike Vizard talks with Christopher Robinson of OpenSSF about the EU Cyber Resilience Act, vulnerability reporting, software dependencies and using business-focused risk language. Watch: techstrong.tv/videos/intervi…

With more than two‑thirds of Azure customer cores already on Linux, Microsoft is no longer just a consumer of the OS. The company is releasing Azure Linux 4.0 to directly control a critical layer of the AI stack that powers services from ChatGPT to Microsoft 365. See what this deeper Linux investment means for enterprises running AI workloads on Azure: zpr.io/urZQL6NWXsvv #Microsoft #Linux #AI

The Artemis edition of the Kore,ai platform dramatically speeds up AI agent development by relying on AI to build and deploy them in a way that reduces dependencies on specific large language models. See how AI building AI could compress months of agent development into days: zpr.io/MLPbSKDirR2h #AgenticAI #AIAgents #DevOps

🚀 AI can accelerate software development, but open source still provides the shared foundations, review and community input that code generation cannot replace. Mike Vizard talks with Stephen Chin of Neo4j. Watch: techstrong.tv/videos/intervi…