GitHub Actions Hardening in 2026: Allowlisting, OIDC, and Incident-Ready Pipelines
A practical security blueprint for CI/CD after recent workflow compromises: action allowlists, ephemeral credentials, and containment drills.
Priya Sharma
Security and identity systems. Passkeys, privacy, and browser platform changes.
144 articles
GitHub Credential Revocation at Scale: Enterprise Incident Playbook for CI/CD Identity
A practical response model for leaked tokens, compromised automation credentials, and fast containment using revocation-first workflows.
GitHub OIDC Custom Properties + Copilot Agent Controls: Enterprise Governance Pattern for 2026
How to combine new OIDC claims and Copilot repository-access controls to harden CI/CD identity and agent operations without slowing teams down.
LiteLLM Compromise Wake-Up Call: Supply-Chain Response Playbook for AI Dev Stacks
How to respond when a popular AI dependency is compromised, and how to redesign package governance to prevent repeat blast-radius events.
Cloudflare Agent Sandboxing: How to Convert “100x Faster” into Real Production Security
A practical architecture and operations guide for teams adopting high-speed isolate sandboxing for AI agent code execution.
Cloudflare Dynamic Workers: A Practical Sandbox Playbook for Agent-Generated Code
How platform teams can adopt isolate-based execution for AI-generated code with clear trust tiers, guardrails, and operational SLOs.
Dynamic Workers at Scale: A Governance Playbook for AI Code Sandboxing
A practical operating model for running AI-generated code in isolates with policy controls, observability, and rollback discipline.
GitHub Actions Copilot Approval Changes and CI Trust Governance
A practical governance model for balancing developer speed and approval controls in Copilot-driven workflow runs.
When AI Tooling Gets Hijacked: Supply-Chain Defense for Python LLM Stacks
A response playbook for engineering teams after package compromise incidents in widely used AI infrastructure libraries.
Cloudflare Custom Regions: Designing Enforceable Data Boundaries for Global Platforms
A practical architecture guide for turning regional data promises into technically enforceable controls with audit evidence.
AI Security for Apps GA: Runtime Protection Patterns for Agentic Systems
A practical defense architecture for prompt abuse, tool misuse, and data leakage as AI security controls move into mainstream app platforms.
Cloudflare’s ETL-less Threat Intelligence Direction: A SOC Playbook for Real-Time Decisions
How security and platform teams can use Cloudflare’s ETL-less threat intelligence approach to reduce detection lag and analyst toil.
JetBrains Copilot Agent Upgrades: Governance Playbook for Hooks and MCP Auto-Approve
A rollout blueprint for custom agents, sub-agents, hooks, and MCP auto-approve in enterprise JetBrains environments.
When Copilot Licensing Shifts: Enterprise Readiness Beyond Procurement
How to respond to Microsoft Copilot plan changes with architecture, governance, and workforce enablement instead of reactive cost cuts.
Invisible Code and AI Coding Supply Chains: A Defensive Engineering Playbook
How engineering organizations can defend against hidden-code and package supply-chain abuse in AI-assisted development workflows.
From Agent Commits to Audit Evidence: Designing a Copilot Session Traceability Control Plane
A practical architecture for connecting AI-authored commits to session logs, policy checks, and incident forensics.
From Agent Commit to Session Log: Designing Traceability Controls for AI-Assisted Delivery
How to use commit-to-session linking in Copilot coding agent workflows for auditability, review quality, and incident response.
Invisible Code Attacks (GlassWorm) and JavaScript Supply Chain Defense in 2026
A practical defense strategy for npm/GitHub ecosystems against obfuscated Unicode and hidden control-character attacks in package and CI pipelines.
From Local Language Strength to Enterprise Value: Adopting Rakuten AI 3.0 Responsibly
A practical framework for evaluating open Japanese-centric models in regulated enterprise environments.
Invisible Code in npm: A Supply Chain Response Playbook for Engineering Teams
Operational guidance for invisible code in npm: a supply chain response playbook for engineering teams in enterprise engineering organizations.