Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

tigera

How to Stub LLMs for AI Agent Security Testing and Governance

Apr 2, 2026 By Alister Baroi In Tigera
Note: The core architecture for this pattern was introduced by Isaac Hawley from Tigera. If you are building an AI agent that relies on tool calling, complex routing, or the Model Context Protocol (MCP), you’re not just building a chatbot anymore. You are building an autonomous system with access to your internal APIs. With that power comes a massive security and governance headache, and AI agent security testing is where most teams hit a wall.
Read Post

Enforcing GitHub Repository Backups with Rubrik and GitHub Actions

Apr 2, 2026 By Rubrik In Rubrik
Your CI pipeline enforces tests, security scans, and policy checks before code hits production. But your backups? Still running on a schedule, completely disconnected from your deployments. In this video, I'll walk you through how to use Rubrik's powerful APIs to build what I'm calling "Backup as Code": a GitHub Action that triggers an on-demand Rubrik snapshot of your GitHub repository every time code is merged into the main branch. We'll look at the action code, wire it up to a live repo, and watch the whole thing run end to end.
View Video

The AI Compliance Gap No One's Talking About (ISO, NIST, EU AI Act)

Apr 2, 2026 By Mend In Mend
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
View Video
veracode

Mastering Software Supply Chain Management in 2026

Apr 2, 2026 By Natalie Tischler In Veracode
Engineering teams face a dual mandate: ship high-quality features faster and keep the underlying infrastructure secure. As development velocity increases, so does the complexity of the tools, libraries, and third-party components that make up your applications. Software Supply Chain Management is the discipline of securing these interconnected components.
Read Post
veracode

Breaking Down the Axios Supply Chain Attack

Apr 2, 2026 By Veracode Threat Research In Veracode
Apr 2, 2026 Mastering Software Supply Chain Management in 2026 Read More Natalie Tischler Mar 31, 2026 Why Security Debt Should Be a Board-Level Priority Read More Natalie Tischler Mar 26, 2026 Prioritize, Protect, Prove: A Roadmap for Application Security Transformation Read More Natalie Tischler.
Read Post
1Password

Natoma and 1Password help enterprises scale AI securely with governed agent access

Apr 2, 2026 By 1Password In 1Password
To support enterprise workflows like monitoring systems, triaging support tickets, and automating routine work, AI agents need access to the same sensitive systems employees use, including databases, APIs, SaaS tools, and internal infrastructure. However, many of these systems still rely on shared passwords, API keys, tokens, and other credential-based access paths that are difficult to manage and control.
Read Post
salt security

The Agentic Stack Explained: How LLMs, MCP Servers, and APIs Work Together

Apr 2, 2026 By Eric Schwake In Salt Security
The term AI agent is dominant in current cybersecurity discourse. Vendors, analysts, and CISOs all use the label, yet technical confusion remains regarding how agents actually operate and where the security risks reside. Beneath the surface-level familiarity, there is often significant confusion about what an AI agent actually is, how it operates technically, and most importantly for security teams, where the risk actually lives.
Read Post
apono

Apono vs Entra ID PIM: Building Privileged Access Engineers Will Actually Use Across Cloud

Apr 2, 2026 By Gabriel Avner In Apono
Microsoft Entra ID Privileged Identity Management is designed to bring structure to privileged access inside Microsoft environments. It allows organizations to make roles eligible, require activation, and enforce approval workflows. Within Azure, it performs that role predictably. The challenge begins when engineering workflows extend beyond Azure. Modern infrastructure rarely lives in a single ecosystem.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.