Dependabot sounded the alarm on a large scale. Thousands of repositories automatically received pull requests and warnings, including a high vulnerability score and signals about possible compatibility issues. According to Valsorda, this shows that the tool mainly checks whether a dependency is present, without analyzing whether the vulnerable code is actually accessible within a project.
Results of the survey, conducted in April, have been compiled into GitLab's 2024 Global DevSecOps Report, which was announced June 25. Among the findings, 78% of respondents said they are currently using AI in software development or plan to in the next two years, an increase from 64% of respondents who said they were using or planning to use AI in development last year.
I once transitioned from a SaaS CTO role to become a business unit CIO at a Fortune 100 enterprise that aimed to bring startup development processes, technology, and culture into the organization. The executives recognized the importance of developing customer-facing applications, game-changing analytics capabilities, and more automated workflows. Let's just say my team and I did a lot of teaching on agile development and nimble architectures.
In 2025, nearly every security conversation circled back to AI. In 2026, the center of gravity will shift from raw innovation to governance. DevOps teams that rushed to ship AI capabilities are now on the hook for how those systems behave, what they can reach, and how quickly they can be contained when something goes wrong. At the same time, observability, compliance, and risk are converging.
"AI is reshaping the fabric of DevSecOps in telecommunications," the report reads. "Telcos are under intense pressure to modernize network infrastructure and offer profitable digital services. They're expected to transform into software-driven technology companies, yet still ensure security, reliability, and customer trust as they adopt AI and work to accelerate innovation. This balancing act - between speed, security, and new skill sets - is defining a pivotal moment for the next era of DevSecOps in telecommunications."
However, this change has come with some difficulties, since all our business information is stored online there has also been a spike in criminals who want to get profit out of stealing said information or preventing business operations. Just in 2024, the FBI has reported over $16.6 billion in losses related to cybercrime, and this value is only increasing year over year making that an "observable" environment must also be a "secure" one.
Let's dig into what this really means, why it matters, and where we go from here. But then I thought a bit more. It's not just necessary-it's overdue. And not only for national security systems. This gap in software understanding exists across nearly every enterprise and agency in the public and private sector. The real challenge is not recognizing the problem. It's addressing it early, systemically and sustainably-especially in a DevSecOps context.
The growing complexity of modern software development and the increasing speed at which organizations need to deliver software have led to the widespread adoption of DevOps practices, particularly continuous integration/continuous deployment(CI/CD) pipelines. These pipelines enable rapid development and deployment cycles; however, they also introduce significant security risks that must be addressed continuously. The traditional methods of integrating security, including DevSecOps, are often reactive and inadequate in keeping pace with change.
HoundDog.ai today made generally available a namesake static code scanner that enables security and privacy teams to enforce guardrails on sensitive data embedded in large language model (LLM) prompts or exposed artificial intelligence (AI) data sinks, such as logs and temporary files, before any code is pushed to production. Company CEO Amjad Afanah said the HoundDog.ai scanner enables DevSecOps teams to embrace a privacy-by-design approach to building applications. The overall goal is to enable organizations to shift more responsibility for privacy left toward application development teams as code is being written, he added.
GitLab is a comprehensive DevSecOps platform that integrates security practices into every phase of the software development lifecycle, providing a single application for various needs.
JFrog and NVIDIA have expanded integrations to include the Enterprise AI Factory, enabling the management of AI applications through JFrog's Software Supply Chain Platform.
Zero-trust principles are crucial in modern cybersecurity yet CI/CD pipelines often ignore them by assuming automation is inherently trustworthy, creating security vulnerabilities.
.jpg?height=635&t=1757344641&width=1200)
