Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

armo

A CISO's Guide to Deploying AI Agents in Production Safely

Apr 8, 2026 By ARMO In ARMO
Your CNAPP shows green across every posture check—hardened clusters, compliant configurations, no critical CVEs—but when your board asks "Are our AI agents safe in production?", you cannot answer with confidence because your tools see the infrastructure, not what the agents actually do at runtime.
Read Post
teleport

NIST 800-171 and Agentic AI: What Autonomous Systems Mean for CUI Protection

Apr 8, 2026 By Matthew Smith In Teleport
NIST Special Publication 800-171 defines a precise set of security requirements for organizations that handle Controlled Unclassified Information (CUI) outside of federal systems. For defense contractors, subcontractors, and their engineering teams, these controls are non-negotiable with the advent of the Cybersecurity Maturity Model Certification (CMMC) program, which dictates how CUI must be accessed, logged, transmitted, and protected across every system in scope. That scope is shifting.
Read Post
datadog

CI/CD security: How to secure your GitHub ecosystem

Apr 8, 2026 By Juvenal Araujo In Datadog
In Part 1 of this series, we discussed the CI/CD security boundary, mapped out potential attack vectors with a CI/CD threat matrix, and introduced a simple threat model focused on ideating detection workflows. In this post, we’ll apply these principles to a real-world source code management (SCM) tool example that every developer is familiar with: GitHub. In addition to threat modeling, we’ll also be taking a closer look at historical attacks on GitHub and GitHub Actions ecosystems.
Read Post

Stop Drowning in Container CVE Alerts: Reachable Risk & Docker VEX with Mend.io

Apr 8, 2026 By Mend In Mend
Developers are often overwhelmed by thousands of container CVE alerts, most of which are unfixable base image noise. This walk-through covers how to use reachable risk factors and Docker VEX statements within the Mend.io platform to streamline your vulnerability management.
View Video

Secret Scanning For AI Coding Tools With ggshield

Apr 8, 2026 By GitGuardian In GitGuardian
Introducing ggshield AI hooks from GitGuardian to help stop AI coding assistants from leaking secrets. See how ggshield can scan prompts, tool calls, file reads, MCP calls, and tool output inside AI coding tools like Cursor, Claude Code, and VS Code with GitHub Copilot. When a secret is detected, ggshield can block the action before sensitive data is sent or exposed. You will also see how simple the setup is, with flexible install options for local or global use. This adds practical guardrails to AI-assisted development and helps teams move fast without increasing secret sprawl.
View Video
certkit

CertKit is out of beta

Apr 7, 2026 By Todd H. Gardner In CertKit
CertKit is officially out of beta. We started building CertKit a year ago, and since then over 600 people signed up, issued certificates, and deployed to their infrastructure. Several are running it as their production certificate management platform right now. We built a lot during the beta. Some of it we planned: SSO, team management, alerting. Other things, users had to beat into us. The Keystore came from enterprise security requirements to keep private keys in house.
Read Post
mend

Container Security Without Context Is Just More Noise

Apr 7, 2026 By Shannon Davis In Mend
Mend.io’s new Docker Hardened Images integration brings DHI intelligence directly into the AppSec workflow, giving a smarter, faster path to container security. Container scanning has a noise problem. Run a standard scan against any production image, and you’ll surface thousands of CVEs.
Read Post

Your AppSec Metrics Are Lying to You. Here's What Actually Matters

Apr 7, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
CloudCasa

CloudCasa Launches in the NKP Partner Catalog, Expanding Data Protection and Mobility for NKP Users

Apr 7, 2026 By CloudCasa In CloudCasa
At Nutanix.NEXT, we’re excited to announce that CloudCasa is launching in the NKP Partner Catalog, giving Nutanix Kubernetes Platform (NKP) solution users an easier way to add Kubernetes-native backup, recovery, disaster recovery, and migration to their environments. This launch builds on CloudCasa’s existing Nutanix Ready foundation and extends that value even further by making CloudCasa available through the NKP Partner Catalog.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.