Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

armo

Cloud-Native Security for AI Workloads: Why It Matters and What's Changed

Mar 17, 2026 By ARMO In ARMO
You’ve been securing Kubernetes workloads for years. Your CSPM is running, your CNAPP is configured, your team knows how to triage container alerts. Then an AI agent lands in your cluster — maybe from the data science team, maybe from a vendor integration, maybe from a tool you didn’t even know was running. Within a week, it’s making API calls nobody planned, accessing data stores that aren’t in the architecture diagram, and executing code it generated itself.
Read Post
certkit

ACME Renewal Information (ARI) solves mass certificate revocation

Mar 16, 2026 By Todd H. Gardner In CertKit
In July 2024, DigiCert discovered they’d been issuing certificates with improper domain validation for five years. They gave customers 24 hours to replace 83,000 certificates. CISA issued an emergency alert. Critical infrastructure operators couldn’t meet the deadline. Some customers sued. That’s what mass revocation looks like in practice. The CA finds a compliance problem, the clock starts, and everyone scrambles. ACME Renewal Information (ARI) is the fix.
Read Post
CalCom

Why We're Elevating the Compliance Conversation

Mar 16, 2026 By Matthew Album In CalCom
Before the AI spectacle of RSA arrives, let’s talk about what actually keeps regulated organizations secure RSA is only weeks away. And if you’ve been paying any attention to the pre-conference buzz, or if you work in technology generally, you already know what it’s going to feel like walking that floor: artificial intelligence, everywhere, in everything. AI-powered detection. Autonomous response. Agentic security copilots in everything from threat monitoring to your morning coffee.
Read Post
armo

AI Workload Security on AWS: Evaluating Native Tools vs Third-Party Solutions

Mar 16, 2026 By Yossi Ben Naim In ARMO
Your Bedrock agent running on EKS receives a prompt through your RAG pipeline. CloudTrail logs it as a normal bedrock:InvokeModel event—status 200, authorized IAM role, expected endpoint. But inside the container, the agent’s response triggers a tool call that spawns curl to an external IP, exfiltrating the context window. GuardDuty doesn’t flag it because the connection routes through a permitted VPC endpoint. You open your AWS console and see a healthy API call.
Read Post
armo

How to Evaluate AI Workload Security Tools for Enterprise Teams

Mar 16, 2026 By Ben Hirschberg In ARMO
You’ve sat through three vendor demos this week. Vendor A showed you an AI-SPM dashboard with a pie chart of misconfigurations. Vendor B showed you a nearly identical dashboard with different branding and a slightly wider set of compliance frameworks. Vendor C showed you posture findings with an “AI workload” tag that wasn’t in their product last quarter.
Read Post

Lovable vs. Bolt - Vibe Code Challenge

Mar 16, 2026 By Snyk In Snyk
Which AI tool is better for building a real app without writing code, Bolt or Lovable? In this video, I put both AI app builders head-to-head using the exact same prompt to create a DIY home repair forum. From database setup to authentication, UI design, publishing, and security checks, we compare how each platform performs in real time. The goal isn’t just to generate something that looks like an app, it’s to see whether these tools can actually create something usable, functional, and potentially production-ready. We evaluate.
View Video
teleport

How to Apply NIST 800-53 to AI Systems

Mar 13, 2026 By Matthew Smith In Teleport
Matthew Smith is a vCISO and management consultant specializing in cybersecurity risk management and AI. Over the last 15 years, he has authored standards, guidance and best practices with ISO, NIST, and other governing bodies. Smith strives to create actionable resources for organizations seeking to minimize technological risk and increase value to customers.
Read Post

Methods for Designing AI Identity | Teleport x The Cyber Hut

Mar 13, 2026 By Teleport In Teleport
Three methods for issuing identity to AI agents — and why static credentials will always eventually leak no matter how well you vault them. Ev Kontsevoy breaks down standard credentials, durable identity, and digital twins, and explains why the issuer of identity needs to be the same across your entire environment.
View Video
armo

AI Agent Escape Detection: How to Catch Agents Breaking Their Boundaries

Mar 12, 2026 By Yossi Ben Naim In ARMO
Your SOC gets three alerts in quick succession: an unusual outbound connection from a container, a file read on a Kubernetes service account token, and a process spawn that doesn’t match the workload’s baseline. Three different tools, three separate dashboards, three tickets.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.