Skip to main content

Posts

Sysdig Adds Runtime to Secure AI Coding Agents

Sysdig this week at the RSA Conference (RSAC) revealed it has created a runtime that makes it possible to securely deploy artificial intelligence (AI) coding tools. Jonas Rosland, director of the open source program for Sysdig, said the runtime makes it possible to monitor the activity of AI coding agents in real time, including potential credential risks. It also enables investigation of incidents involving AI agent activity, he added. Additionally, AI agents can be prevented from opening sensitive files or bypassing credential controls. Risky command-line arguments that weaken safeguards, such as allowing unrestricted file writes, are also prevented. Dangerous activity with developer environments, including reverse shells, binary tampering, and persistence mechanisms, can also be prevented. As AI coding tools are made available to both professional and citizen-developers alike, the likelihood of a cybersecurity incident involving these tools continues to rise. DevSecOps teams...
Post a Comment
Read more
Recent posts

Security as Code is Becoming the New Baseline: Continuous Compliance in DevOps 

There was a time when compliance meant a quarterly ritual. Someone from security would walk over with a spreadsheet, ask a few questions, tick a few boxes and disappear until the next audit cycle. The infrastructure team would scramble to prove that yes, encryption was enabled, and no, that S3 bucket was not public anymore. Everyone felt relieved, went back to shipping features and quietly hoped nothing would drift before the next review.   That model is dead; it just hasn’t been buried yet.   The problem is not that teams lack security awareness. Most engineering organizations today understand that vulnerabilities need catching early and that production environments need hardening. The problem is that compliance has historically lived outside the delivery pipeline — treated as a checkpoint rather than a continuous practice. In a world where teams deploy dozens of...
Post a Comment
Read more

Embedded DevOps: Bridging the Gap Between Firmware and Modern Delivery 

Embedded software development has traditionally followed a different rhythm than mainstream software engineering.   Hardware availability drives schedules. Validation cycles are longer. Releases are deliberate. Documentation is extensive. For good reason, embedded systems often operate in safety-critical or highly regulated environments.   However, expectations around software delivery have shifted. Connected products, over-the-air updates, security mandates and shorter market windows are creating new pressures for embedded teams.   The result? Many organizations are exploring how DevOps principles can be applied  — thoughtfully — to embedded environments.   Why Embedded Teams are Revisiting Their Delivery Model   Across industries such as automotive, medical devices, aerospace and industrial controls, a consistent pattern is emerging:   Integration happens later than teams would prefer.   Hardware ac...
Post a Comment
Read more

LocalStack Revamps CLI for Emulating AWS Cloud Services on Local Machines

LocalStack at the KubeCon + CloudNativeCon Europe conference this week unveiled a revamped command line interface (CLI), dubbed 1stk, for its framework that enables emulations of Amazon Web Services (AWS) environments to be run on a local machine. The CLI in version 3 of the AWS 2026 edition of the framework, in addition to providing a single binary that is easier to install, also adds a Terminal UI (TUI) that walks developers through steps such as authentication or setting up an AWS profile. Additionally, it offers better log viewing, which is now also turned off by default. At the same time, LocalStack has extended its Resource Groups Tagging API (RGTA) to enable developers to query and manage tags across multiple AWS services. Elastic Kubernetes Services (EKS) and CloudWatch resources are now fully integrated with the RGTA, and support for the Elastic Compute Cloud has been extended to provide an API for creating and deleting actual fleets of IT infrastructure resources versus...
Post a Comment
Read more

Future Proofing the Foundation for AI-Ready Security Operations

Last December, the International Telecommunication Union (ITU), the United Nations’ (UN) body for information and communication technologies, supported  Open Cybersecurity Schema Framework (OCSF)  for ratification as an international standard by June 2026. Standardization is now a global necessity as governments worldwide integrate ITU standards into their national cybersecurity policies. First, What is OCSF? The OCSF provides a standardized approach to streamline security operations, improve threat detection, and accelerate incident response. This unlocks the full potential of security data. A standardized schema for security events normalizes data from various sources, which creates a unified foundation for advanced analytics and AI-powered tools. This standardization is crucial for unleashing the full potential of generative AI in cybersecurity, allowing organizations to better identify patterns and correlations across disparate data sources. Data Standardiza...
Post a Comment
Read more

AI Didn’t Break Your DevOps Pipeline, Your Process was Already Rotten 

AI didn’t sneak into your stack  and quietly sabotage a once-pristine DevOps pipeline . That story is comforting, but it’s fiction. What’s really happening is far less dramatic and a lot more uncomfortable.    Automation has a way of turning small process flaws into loud, impossible-to-ignore failures. AI just does it faster and with more confidence. If your releases feel shakier, alerts feel noisier or postmortems feel more surreal than useful, AI isn’t the villain. It’s the spotlight.    Teams are discovering that the shortcuts, workarounds and undocumented assumptions they’ve been living with for years don’t survive contact with systems that act at machine speed. Hence, this isn’t an argument against AI in DevOps — it’s more of an argument against pretending your process was healthy before you plugged it in.   AI Amplifies Weak Signals You’ve Been Ignoring   DevOps pipelines rarely collapse out of nowhere . They decay quiet...
Post a Comment
Read more

Critical Cloud Becomes the World’s First “Powered by Datadog” Partner

Cardiff, Wales, March 24th, 2026, CyberNewswire Critical Cloud  today announced that it has become the world’s first partner to achieve the “Powered by Datadog” accreditation, recognising a managed service model built on  Datadog  (NASDAQ: DDOG) as its operational foundation across AWS and Azure environments. “Powered by Datadog” is a premier designation awarded to partners who have deeply embedded Datadog into their managed services and demonstrated technical and onboarding excellence. Each partner undergoes formal technical review by Datadog technical teams, validating architecture, onboarding, governance maturity, and live customer implementations. Achieving “Powered by Datadog” requires partners to hold the Certified Datadog Advanced Partner status and reflects Critical Cloud’s proven ability to use Datadog as the operational backbone of its managed services – helping customers improve reliability, reduce downtime, and accelerate troubleshooting through a unified...
Post a Comment
Read more