Dependabot + AI Remediation + Nix: Building a Verifiable Vulnerability Response Pipeline
A practical enterprise architecture for combining Dependabot alerts, AI-assisted remediation, and Nix ecosystem support with auditable controls.
Priya Sharma
Security and identity systems. Passkeys, privacy, and browser platform changes.
144 articles
Cloudflare Organizations Beta: A Practical Governance Model for Multi-Account Enterprises
How Cloudflare Organizations changes identity, policy, and operations for enterprises managing many Cloudflare accounts.
Cloudflare's 2029 Post-Quantum Target: A Practical Migration Playbook for Engineering Teams
How to turn post-quantum urgency into an executable roadmap across TLS, service identity, and operational risk controls.
Signed Commits for Copilot Cloud Agent: What It Unlocks for Branch Protection
GitHub Copilot cloud agent commit signing enables stronger branch protection and clearer provenance for agent-generated changes.
GitHub + Runtime Context: Operating Vulnerability Prioritization Beyond CVSS Scores
How platform security teams can combine code scanning, dependency alerts, and runtime exposure signals to fix what matters first.
Defending Against Hostile Distillation: A Practical Security Program for AI Teams
A governance and engineering playbook to reduce model extraction risk while maintaining partner ecosystem velocity.
Programmable DDoS Mitigation: Operating Custom UDP Protection Without Breaking Production
A practical rollout guide for programmable flow protection on global networks, including safety controls, test harnesses, and incident runbooks.
Copilot Cloud Agent and Commit Trust Boundaries: Enterprise Controls That Actually Work
A practical governance model for runner selection, firewall policy, signed commits, and incident response in Copilot cloud agent rollouts.
When AI Assistants Are “For Entertainment”: Enterprise Governance Beyond Marketing Claims
A practical legal-and-engineering framework for teams adopting coding copilots while terms of use still shift faster than internal policy.
Enterprise Windows AI Rollout Governance: Device Segmentation, Policy Rings, and Support Readiness
A practical framework for introducing new Windows AI-era capabilities in enterprise fleets without triggering helpdesk overload or policy drift.
GitHub Copilot Cloud Agent Governance Playbook: Runner Controls, Commit Signing, and Firewall Policy
A practical operating model for enterprises adopting Copilot cloud agent features announced in 2026, with guardrails for security, productivity, and auditability.
EmDash and the Return of the CMS: Designing Plugin Security for the Agent Era
Cloudflare’s EmDash beta revives the CMS model with sandboxed plugin isolates, offering a new blueprint for extensibility without platform-level compromise.
GitHub Actions Security in 2026: Turning Roadmap Features into Practical Guardrails
A practical implementation guide for GitHub Actions hardening using OIDC customization, runner controls, and workflow governance.
Cloudflare 1.1.1.1 Privacy Assurance: Turning Audit Announcements into Operational Trust
How to evaluate public DNS privacy claims in your own architecture, from resolver routing and data retention to policy evidence and incident communication.
Copilot Cloud Agent Signed Commits: Enterprise Enforcement Strategy Beyond the Checkbox
How to operationalize GitHub Copilot cloud agent signed commits with branch protection, provenance checks, and incident-ready evidence workflows.
Local AI Desktop Agents Are Going Mainstream — Governance Must Catch Up
Open-source desktop agents are getting easier to run; enterprises need clear control models before broad adoption.
Axios NPM Compromise: An Enterprise Response Blueprint Beyond Emergency Pinning
How to convert package compromise incidents into durable supply-chain controls, from blast-radius mapping to policy-driven dependency workflows.
From “Security” to “Security & Quality”: A DevSecOps Operating Model for Unified Risk Triage
Practical guidance on using GitHub’s Security & quality view to merge vulnerability response and code-health governance into one workflow.
Passkeys at Scale: Device-Bound Sessions and Identity Hardening for High-Risk Apps
A phased rollout strategy to move from password+OTP toward phishing-resistant authentication and measurable account safety.
From Security Tab to Security & Quality: A Better DevSecOps Operating Model
How to use GitHub’s Security & quality surface to unify vulnerability response, code health, and engineering accountability.