The Ultimate Guide to DevSecOps
A curated American edition of TechDay news, analysis, interviews, reviews, job moves, and related resources for DevSecOps.
What to know about DevSecOps
DevSecOps represents the integration of security practices within the DevOps process, aiming to build security into every phase of software development and delivery. This approach helps organisations accelerate development cycles while maintaining strong security and compliance standards.
Exploring recent stories tagged with DevSecOps reveals a dynamic field where AI-driven tools, cloud-native security, and collaboration between development, security, and operations teams are shaping the future of secure software delivery. Topics such as risk management, container and API security, supply chain protection, and the rising importance of observability and automation are frequently discussed.
For readers interested in how organisations are addressing evolving cybersecurity threats while enhancing agility and innovation, the DevSecOps tag offers insights into technology advancements, cultural shifts, and best practices that help teams deliver resilient, secure software faster. Whether you are a developer, security professional, or IT leader, following DevSecOps stories provides valuable perspectives on securing modern software development in an increasingly complex digital landscape.
American DevSecOps News
Regional stories with direct local relevance
Sonatype expands Firewall to block malicious packages
Malicious open source packages are increasingly slipping past spelling checks, exposing developer data and build systems to supply-chain attacks.
CodeHunter appoints Anurag Jain as Engineering Chief
The hire signals CodeHunter's push to scale pre-execution software security as threats mount across supply chains and development environments.
Permiso launches AI agent security tools with Autodesk
Autodesk is among early users as the new controls aim to give security teams runtime visibility into unapproved AI agents and their actions.
RegScale raises USD $30 million in oversubscribed Series B
The funding will help RegScale scale faster as federal and enterprise buyers demand quicker compliance checks and less manual audit work.
Upwind launches AI agentic pack for cloud security
It aims to cut alert fatigue by using runtime data to validate threats, prioritise real risks and guide fixes across cloud and AI systems.
Miggo launches Pulse in bid to speed AI exploit response
It aims to cut the time security teams need to spot exploitable flaws and deploy temporary defences before attackers strike.
Analyst Insights
Research and market analysis connected to DevSecOps
Salt Code enforces security policies in AI coding tools
XM Cyber boosts identity access tools for hybrid firms
BeyondTrust named leader in KuppingerCole PAM report
Upwind launches AI agentic pack for cloud security
Cycode launches agentic development lifecycle security
Featured News
Google Cloud CEO sets out enterprise AI agent plan
Enterprises will get one place to build, govern and run AI agents, as Google Cloud expands Gemini Enterprise across models, data and security.
UiPath Accelerates AI in Software Development and Testing
UiPath is pushing AI deeper into software testing, promising autonomous agents that transform quality assurance and developers' roles.
Grafana: Turning data chaos into developer efficiency and CFO savings
Grafana leans on AI-powered observability and Adaptive Telemetry to sharpen developer insight while slashing cloud bills by up to 50%.
Expert Columns
Secure by default: Moving beyond secure by design
Why the next endpoint and SASE disruption will not come from a security vendor
The security challenges in AI-assisted software development
Agentic AI double agents expose dangerous security gaps
Why auto update is the most underrated security feature on your firewall
Integrating AppSec for efficient DevSecOps
How AI is driving the convergence of networking and security
Interviews
Interviews and video coverage from the networkRecent DevSecOps News
CleanStart launches shell-less read-only containers
Existing deployments can gain stronger protection against post-compromise persistence without changing Dockerfiles, CI/CD pipelines or runtime workflows.
Akto widens AI agent security with new integrations
Native checks will now flag prompt injection and data leakage across more of the AI agent stack as enterprises push systems into production.
OpenAI broadens AI cyber tools as arms race heats up
Ransomware pressure on US firms is intensifying debate over whether broader AI hacking tools will help defenders or aid criminals.
BlueFlag lifts Series A after rapid revenue growth
Adoption among big enterprises has helped the cybersecurity start-up secure USD $28 million, as it expands tools for AI-driven software development.
Coralogix & Skyflow team up on secure observability
Coralogix and Skyflow partner to tokenise sensitive log data, balancing observability, privacy and AI-ready telemetry for global firms.
Wallarm appoints new chief executive as AI focus grows
Wallarm names Shayne Higdon chief executive in leadership reshuffle as it pivots from pure API protection to securing wider AI-driven risks.
Firms test just 32% of attack surface, study finds
Organisations test just a third of their attack surface as reliance on agentic AI grows, raising fresh concerns over unseen cyber risks.
Salt unveils platform to secure rising AI agent stacks
Salt launches an agentic security platform to map, monitor and protect how AI agents use LLMs, MCP servers and enterprise APIs at scale.
CISOs warn AI adoption outpaces ability to secure it
CISOs say AI is spreading faster than they can secure it, with poor visibility and skills gaps leaving critical systems increasingly exposed.
Endor Labs buys Autonomous Plane for container security
Endor Labs acquires Autonomous Plane to add reachability-led container image analysis, promising fewer false positives for security teams.
Backslash raises USD $19m to secure AI 'vibe coding'
Backslash raises USD $19m to secure emerging AI 'vibe coding' workflows as autonomous agents reshape how enterprise software is built.
CodeHunter pushes behavioural malware checks upstream
CodeHunter extends its behavioural malware analysis into CI/CD pipelines, targeting risky software artefacts before they reach production.
SIOS sets 2026 vision for clustering in hybrid AI IT
SIOS predicts high availability clustering will underpin secure hybrid clouds, disaster recovery and AI resilience strategies by 2026.
Manifest unveils AI Risk module to boost enterprise AI security
Manifest launches AI Risk module to provide enterprises with automated, real-time governance enhancing AI model security and supply chain transparency.
Kindo triples enterprise adoption & unveils Deep Hat AI model
Kindo.ai triples enterprise adoption, launches Deep Hat AI model, enhancing AI-native automation for security, DevOps and IT operations with zero customer churn.
TCS MasterCraft introduces GenAI for faster legacy IT modernisation
TCS has updated MasterCraft with GenAI and Agentic AI to cut legacy IT modernisation costs by 70% and double the speed of transformation projects.
HackerOne launches AI platform to close security gap
Rising vulnerability volumes are outpacing fix times, prompting HackerOne to roll out an AI system that feeds confirmed threats into developer tools.
Secure Code Warrior launches AI governance learning
Companies can now tie AI code-use risks to developer training, with Secure Code Warrior aiming to prove compliance at commit level.
Telus Digital flags AI model safety gaps in benchmark
Enterprises face uneven safeguards as TELUS Digital found no generative AI model was fully immune to attack in 620,000 tests.
DevOps platform vulnerabilities rise in 2025 report
More than half of patched flaws in major DevOps tools were high or critical in 2025, putting software supply chains at greater risk.