Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

teleport

OWASP Top 10 for Agentic Applications 2026: Key Takeaways & How to Take Action

Dec 15, 2025 By Jack Pitts In Teleport
AI agents connect to APIs, execute code, move data, and make decisions with real permissions in live production environments — introducing a new class of security risks. To help organizations stay ahead, the OWASP GenAI Security Project released the OWASP Top 10 for Agentic Applications 2026. In this post, we’ll provide a summary of each agentic AI risk category defined by OWASP, along with actionable next steps to begin securing your agentic AI projects in 2026 and beyond.
Read Post

We Asked AI Security Experts to Explain Their Work Using Emojis #AISecurity #AI #AppSec

Dec 15, 2025 By Mend In Mend
Can you explain AI Security using only emojis? We challenged AI Security professionals to do just that — no words, just symbols. Their creative combos reveal how experts really think about risks, models, and protection in today’s AI-driven world. From to to , each emoji tells a story about securing the systems behind the world’s most powerful models. Subscribe for more creative takes on AppSec, AI Security, and secure development from the Mend.io team.
View Video
certkit

Perfect Forward Secrecy Made Your Private Keys Boring

Dec 8, 2025 By Todd H. Gardner In CertKit
For twenty years, a stolen private key was a disaster. It meant total compromise. Every encrypted conversation, password transmitted, API call ever made was readable. Traffic was being recorded all the time, “just in case” your private key leaked out. The NSA even had a name for it: “harvest now, decrypt later.” Record all the encrypted traffic today. Steal the private keys tomorrow. Decrypt everything retroactively.
Read Post
armo

The 3 Biggest Cloud Workload Threats (and Why Teams Miss Them)

Dec 8, 2025 By Ben Hirschberg In ARMO
In this article, we’ll break down the three most prevalent runtime threat vectors behind most modern cloud breaches – and why traditional cloud security tools fail to detect them. Let’s get one thing clear: the cloud itself hasn’t become more dangerous – but cloud-native architectures fundamentally changed the threat landscape. In the datacenter era, most threats targeted hosts, networks, and endpoints.
Read Post
CalCom

Group Policy Guide for Baseline Hardening

Dec 8, 2025 By Roy Ludmir In CalCom
Creating a safe and secure environment is a top priority for all types of organizations. To accomplish this goal, it is essential to adhere to group policy best practices, particularly in the realm of GPO security. By configuring fundamental Group Policy Settings correctly, organizations can significantly enhance their security posture. When Group Policies are utilized effectively, they play a crucial role in safeguarding users’ computers from various threats and potential breaches.
Read Post

Google Gemini 3 Pro Builds an App with ONE PROMPT...

Dec 8, 2025 By Snyk In Snyk
Google announced Gemini 3 Pro, which they tout as their most intelligent model yet that's best for complex tasks and bringing creative concepts to life. We're going to put this model to the test and see how good it is at fulfilling our prompt with a production ready app and the security of the code it produces.
View Video

A Deep Dive Into ggshield, The GitGuardian CLI

Dec 5, 2025 By GitGuardian In GitGuardian
In this in-depth walkthrough, we will show you how to turn ggshield, the GitGuardian CLI, into a practical guardrail for keeping secrets out of your code and CI pipelines. You’ll see exactly how to install and authenticate ggshield, then use it to scan repositories, local paths, archives, Docker images, PyPI packages, and CI environments for hardcoded credentials. We’ll also walk through configuring Git hooks with ggshield install.
View Video
gitprotect

Why Granular Backup And Recovery Are Essential for your DevOps backup strategy

Dec 5, 2025 By Wojciech Andryszek In GitProtect
Every IT stack may look tidy on a diagram. If so, then it’s tempting to assume everything works fine. And yet, systems rarely fail as a whole. Usually, it’s a part or functionality. For instance, anyone who ever untangled a broken workflow in GitHub, GitLab, Bitbucket or Azure DevOps, or a corrupted field in Jira, knows it too well. And that’s the quiet tension (“to fix one little thing”) inside every modern backup strategy.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.