Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

teleport

How to Secure Third-Party Remote Access to Data Centers (Without SSH Keys)

May 7, 2026 By Mayur Pipaliya In Teleport
Whether it’s vendors diagnosing GPU driver failures or network technicians troubleshooting switch configurations, organizations are often ready to do whatever it takes to get their infrastructure back to normal. For some, that may mean defaulting to the fastest access path available for third-party access, such as shared SSH keys, VPN credentials, or screen-sharing sessions.
Read Post
CalCom

How to Talk to Your Board About System Hardening

May 7, 2026 By Joan Levin In CalCom
You know your servers need hardening. Getting leadership to prioritise, fund, and support the effort is the harder challenge. Here’s our experts’ best advice for how to talk to the C-suite and board about the need for automated server hardening. You already know the servers are drifting. Configurations change. Exceptions pile up. Standards slip over time. The hard part is not identifying the problem.
Read Post

How Attackers Use Developer Machines to Breach the Software Supply Chain - May 07, 2026

May 7, 2026 By GitGuardian In GitGuardian
In April, three major supply chain campaigns hit npm, PyPI, and Docker Hub in just 48 hours, and while the ecosystems were different, the objective was the same: steal credentials from developer environments and CI/CD pipelines. The malware targeted API keys, cloud credentials, SSH keys, GitHub tokens, npm tokens, environment variables, and more, turning developer machines and build systems into high-value credential vaults for attackers.
View Video

Meet GitGuardian's AI Assistant: Natural Language Queries Across All Your Incidents

May 7, 2026 By GitGuardian In GitGuardian
See how the GitGuardian Assistant helps teams investigate, understand, and remediate secret incidents directly from the GitGuardian workspace. In this preview, Mathieu and Dwayne walk through how the assistant uses incident context, workspace details, and GitGuardian documentation to answer questions, suggest next steps, and help manage incidents through natural language. It can explain threat patterns, assess scope and impact, recommend remediation steps, assign incidents, update tags, and propose changes to incidents.
View Video
mend

Mend.io and GitHub Partner to Bring Mend Renovate Cloud to Open Source Maintainers

May 7, 2026 By Jamie Tanna In Mend
At Mend.io, we understand better than some the weight that sits atop the shoulders of open source maintainers who support the ecosystem at large. These maintainers need to keep on top of supply chain security best practices, keep their dependencies up-to-date, taking on new contributions from users, all the while trying to squeeze that into their “off hours”.
Read Post
armo

AI Agent Incident Response in Cloud-Native Environments: A Playbook for Modern SOCs

May 6, 2026 By Shauli Rozen In ARMO
It’s 2 a.m. and the SOC has a Tier 3 page. A customer-service agent on the production cluster has just wired refund payments to seven addresses outside the approved disbursement list. The runbook is unambiguous: isolate the pod, image the disk, image the memory, root-cause within 48 hours.
Read Post
gitprotect

How leadership should assess DevOps backup solutions before purchase

May 6, 2026 By Beata Moryl In GitProtect
Managing a growing list of vendors can add complexity across an organization. Adding a new partner may require navigating additional administrative processes and internal alignment. As a result, third-party DevOps backup often ends up lower on the priority list until one serious data deletion, prolonged recovery, or failed restore turns it from a “nice to have” into an executive-level decision.
Read Post

Incident Response: Keeping Cool When Everything's on Fire

May 6, 2026 By Datadog In Datadog
The DevOps revolution broke down the traditional silos between development and operations, fundamentally reshaping how we build and maintain software. But with this evolution came an inevitable, and often stressful, reality for many engineers: being on-call and responding to incidents. In this session, Daljeet Sandu will explore how on-call has evolved in recent years, highlight proven best practices, and share insights into the future of incident response in DevOps.
View Video
armo

How to Harden AI Agents in Cloud Environments: The 9 Capabilities Your Stack Must Provide

May 6, 2026 By Shauli Rozen In ARMO
Most “hardening” advice for AI agents is a checklist of things to configure before the agent runs. CIS Kubernetes Benchmark gates. Pod Security Standards baselines. NetworkPolicy templates. None of it’s wrong — it’s just one of four phases, the one your stack already covers. The other three are Observe, Enforce, and Reconcile. They’re where AI agents actually get breached, and they’re where most stacks have nothing.
Read Post
armo

AI Agent Security Performance: Framework for Evaluating Latency, Throughput, and Observability Overhead

May 6, 2026 By Ben Hirschberg In ARMO
Every AI workload security PoC reaches the same conversation. Platform engineering pushes back: the AI team won’t accept extra latency on inference. The security engineer hunts for benchmarks and finds a contradiction. Langfuse publishes 15% overhead. AgentOps publishes 12%. The security vendor quotes 1–2.5%. None is lying. They measure different layers.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.