Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

certkit

Todd's Tenth Rule of certificate automation

Apr 28, 2026 By Todd H. Gardner In CertKit
I’m an old engineer at heart. Many of my ideals were formed by Joel’s Things You Should Never Do, Fred’s No Silver Bullet, and Brian’s Big Ball of Mud. One of my favorites was Greenspun’s Tenth Rule: The joke isn’t really about programming languages. It’s about a pattern: certain problems have a shape, and no matter how you approach them, you end up building the same solution, in the same order, until you arrive at the same messy place.
Read Post
armo

Runtime Observability for LangChain and AutoGPT on Kubernetes

Apr 28, 2026 By Yossi Ben Naim In ARMO
A platform team at a mid-size SaaS company runs three LangChain agents and one AutoGPT-derived planner on EKS. LangSmith is wired in. OpenTelemetry traces flow into their observability stack. Falco runs on every node. The setup is what most security teams would consider thorough. A pip dependency in one of the agents’ tool packages ships a malicious update.
Read Post
armo

AI Inference Server Observability in Kubernetes: The Four Signals MLOps Tools Don't Capture

Apr 28, 2026 By Ben Hirschberg In ARMO
In August 2025, a vulnerability chain in NVIDIA Triton Inference Server was found that allowed an unauthenticated remote attacker to send a single crafted inference request, leak the name of an internal shared memory region, register that region for subsequent requests, gain read-write primitives into the Triton Python backend’s private memory, and achieve full remote code execution. The exploit chain ran entirely through Triton’s standard inference API. No anomalous traffic volume.
Read Post
armo

Runtime Observability for MCP Servers: A Security Guide

Apr 28, 2026 By ARMO In ARMO
Your security team sees an MCP tool server throw an error. Your APM dashboard shows a latency spike. Your logs capture the JSON-RPC request with its method name and parameters. But none of that tells you whether the tool just read a harmless config file or dumped credentials to an external IP. Traditional observability tools—the APM platforms, the OpenTelemetry traces, the centralized logging pipelines—track performance across your Model Context Protocol deployments.
Read Post

The Research Behind Of Detecting And Attributing LLM-Generated Passwords - Gäetan Ferry

Apr 28, 2026 By GitGuardian In GitGuardian
GitGuardian Senior Cybersecurity Researcher Gaetan Ferry’s latest research shows that AI-generated passwords are leaving fingerprints in the wild. In this interview, he explains how he used Markov chains, a century-old statistical model, to detect patterns in passwords generated by modern LLMs, attribute them to model families, and identify 28,000 likely LLM-generated passwords across public GitHub. The findings are a warning for teams adopting AI coding agents.
View Video
Why IP Address Strategy Has Become a Security Priority for Modern Enterprises

Why IP Address Strategy Has Become a Security Priority for Modern Enterprises

Apr 28, 2026 By SecuritySenses In SecuritySenses
IP addresses don't usually come up in security conversations until something goes wrong. A block gets flagged, a service goes down, or an audit reveals that nobody quite knows who controls which range across the organisation. That blind spot has become harder to defend in 2026. Threat actors have grown more sophisticated about exploiting poorly managed IP space, and the secondary market for IPv4 has introduced reputation, provenance, and supply chain concerns that didn't exist a decade ago.
Read Post
DevOps Services: What They Are, How They Work, and Why Your Business Needs Them

DevOps Services: What They Are, How They Work, and Why Your Business Needs Them

Apr 28, 2026 By SecuritySenses In SecuritySenses
The way businesses build and deliver software has changed dramatically over the past decade. Gone are the days when development teams would work in isolation for months before handing off a product to operations staff for deployment. Today's competitive market demands speed, reliability, and continuous improvement - and that is exactly what DevOps services are designed to deliver.
Read Post
teleport

Guide: DORA Compliance Evidence for Agentic AI

Apr 27, 2026 By Kayne McGladrey In Teleport
→ What DORA assessors actually evaluate → How DORA controls map to specific evidence requirements → Common evidence gaps that can interfere with audits → The evidence challenges of agentic AI → The full blueprint for DORA compliance now and in the future The Digital Operational Resilience Act (DORA), otherwise known as Regulation (EU) 2022/2554, represents a fundamental shift in how financial institutions must show their compliance.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.