Container image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The Fedora Project is now applying that same approach to the host operating system. At Red Hat Summit 2026, Fedora announced Fedora Hummingbird, a container-based rolling Linux distribution delivered as an OCI image. “The Linux…
Tag: pipelines
AI, Global Security News
The Future of Data Platforms: From Pipelines to Intelligent Orchestration
GUEST OPINION: For years, organisations have invested heavily in building data pipelines — structured flows that move data from source systems into warehouses, lakes, and dashboards. These pipelines have been the backbone of reporting and analytics. But as enterprises accelerate their adoption of AI, digital platforms, and real-time decision-making, pipelines alone are no longer enough.
AI, Global Security News, Risk Management
AI frenzy feeds credential chaos, secrets spread through code, tools, and infrastructure
Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded secrets in public GitHub commits in 2025, extending a multi-year rise in exposed access keys, tokens, and passwords. Public and internal repositories that contain at least one secret (Source:…
AI, Apps, Exploits, Global Security News, malware
PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
PyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware for large language models, LiteLLM, were briefly published. “Anyone who has installed and run the project should assume any credentials available to the LiteLLM environment may have been exposed, and revoke/rotate them…
AI, Global Security News
All AI and Security Teams Need Transparent Data Pipelines
Transparent AI data pipelines help organizations verify sources, reduce errors, meet regulations, and build trust by making outputs auditable and reliable.
AI, Compliance, Global Security News
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings, and required templates go missing. An open-source tool called Plumber automates the detection of those conditions by scanning pipeline configuration and repository settings directly. What Plumber checks Plumber reads a…
AI, Global Security News, Risk Management
Chainguard locks down CI/CD with secure-by-default actions
Chainguard has announced Chainguard Actions, secure-by-default workflows for CI/CD pipelines that allow developers and AI agents to ship quickly without introducing software supply chain risk. Using an agentic approach, Chainguard Actions provides a continuously secured catalog of workflows maintained by the Chainguard Factory, the infrastructure that has become the industry standard for delivering trusted open…
AI, Global Security News
VAST Data Introduces Foundation Stacks to Accelerate Enterprise Adoption of NVIDIA Blueprints
COMPANY NEWS: New open source library delivers production-ready implementations for scalable pipelines on the VAST AI Operating System
AI, Exploits, Global Security News
TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense
At [un]prompted 2026, TrendAI™ demonstrated how documents can be used to exploit AI-driven KYC pipelines and introduced FENRIR, an automated system for discovering AI vulnerabilities at scale.
Apps, Global Security News, Risk Management
Everyone uses open source, but patching still moves too slowly
Enterprise security teams rely on open source across infrastructure, development pipelines, and production applications, even when they do not track it as a separate category of technology. Open source has become a default building block in many environments, and the operational risks now look like standard enterprise security problems: patch delays, version sprawl, and aging…