TLDR DevOps 2025-11-19

Every dynamic workload and AI model deployment expands the attack surface in ways traditional security tools weren't built to handle.

Ephemeral containers, multi-cloud sprawl, autonomous AI decisions — all of these create risks that aren't detected by static scanners and legacy tools.

Dynatriace developed this checklist to give platform engineers and SREs an automation-ready framework to manage modern risks:

☑️ Vulnerability and risk management for cloud-native stacks

☑️ Observability-driven security posture management

☑️ Incident response for container environments

☑️ Asset inventory across multi-cloud deploymens

Get the Attack Surface Reduction Checklist ↗️

Kgateway v2.1 features agentgateway integration for AI connectivity, Kubernetes Gateway API v1.3.0 conformance, and global namespace policies.

Datadog's 2025 State of Cloud Security study revealed persistent weaknesses across AWS, Azure, and Google Cloud, including widespread use of long-lived credentials, lagging adoption of IMDSv2, and insufficient guardrails against public storage access. Datadog Cloud Security helps organizations strengthen their posture by enforcing organizational guardrails, identifying risky workloads, securing data perimeters, and detecting misconfigurations across multi-cloud environments.

Replicate, a platform for running AI models, has been acquired by Cloudflare to integrate Replicate's platform directly into Cloudflare and expand the model catalog. As part of the acquisition, Replicate's 50,000+ open-source models and fine-tunes will be brought to Workers AI. Cloudflare plans to introduce fine-tuning capabilities and custom model support to Workers AI, leveraging Replicate's Cog tool. Current users of Replicate and Workers AI can expect uninterrupted service and enhanced performance due to Cloudflare's global network.

Authress stayed up during the major us-east-1 AWS outage by engineering for 5-nines reliability: eliminating unreliable dependencies, using multi-region and edge failover, running custom health checks, doing incremental rollouts, and applying anomaly detection, rate-limits, and customer-driven incident signals. Their architecture assumes “everything fails,” so they continuously validate data, automatically fail over regions, block abusive traffic, and treat customer support as part of their reliability system.

A large study of tens of thousands of Cursor users found that after agents became the default, organizations merged 39% more PRs with no increase in revert or bug-fix rates. Senior developers accepted agent-written code more often, planned more before coding, and generally used agents more effectively, while most user requests (61%) were for code implementation

This guide explains how to use Azure Developer CLI v1.20.0 with Azure Container Apps to implement a “build once, deploy everywhere” workflow through separate container operations and layered infrastructure. It demonstrates how to deploy a Flask application across development and production environments using shared resources, CI/CD pipelines, and GitHub Actions for consistent container management.

Need a roadmap for uniting ITOps and SecOps? Download the IT & Security Operations Convergence Project Template by N-able. Use this template to track actionable steps and apply a strategic approach to identify, prioritize, and manage initiatives - as well as align people, process, and technology for stronger security and streamlined operations. Get the template now.

Atuin Desktop, a local-first runbook editor currently in open beta, aims to bridge the gap between documentation and automation for terminal workflows. The editor allows users to create executable runbooks that can be used to solve common infrastructure problems.

Google Antigravity is an agent-first development platform that pairs an AI-powered IDE with autonomous agents capable of planning and executing complex software tasks across multiple surfaces. It adds task-level transparency, async agent management, easy feedback, and built-in learning to support higher-autonomy coding with models like Gemini 3.

Dropbox Dash has evolved from a search system into an agentic AI to better interpret, summarize, and act on information, requiring a shift towards context engineering. Dash curates context through retrieval consolidation, relevant context filtering, and specialized task agents to improve the AI's decision-making, addressing issues like "analysis paralysis" and "context rot" that arise with too many tools and excessive data.

Cloudflare's global outage yesterday was caused by a ClickHouse permissions change that accidentally doubled the size of a Bot Management “feature file,” exceeding a hard-coded limit and causing the core proxy (FL/FL2) to crash and return widespread 5xx errors. After initially suspecting a DDoS attack, Cloudflare stopped propagation of the bad file, restored a known-good version, and fully recovered services by 17:06 UTC.

PDFs can be a security blindspot. Learn the best ways to protect your PDFs - from watermarking the doc to redacting sensitive data. Read more on the Datalogics blog

Selecting a future-ready container platform requires attention to often-overlooked factors such as rapid access to new Kubernetes releases, long standard support lifecycles, and the ability to run multiple Kubernetes versions on shared hosts for efficiency.

Google Kubernetes Engine marked its 10th anniversary with major innovations to support AI and agentic workloads.