InfoQ Homepage Security Content on InfoQ

Articles

RSS Feed

Newer Older

Cloud

Securing Autonomous AI Agents on Kubernetes: Trust Boundaries, Secrets, and Observability for a New Category of Cloud Workload

Autonomous AI agents break Kubernetes security assumptions with dynamic dependencies, multi-domain credentials, and unpredictable resource use. This article covers production-tested patterns: Job-based isolation, Vault for scoped short-lived credentials, a four-phase trust model from shadow mode to autonomous operation, and observability for non-deterministic reasoning cycles.

Nik Kale
on May 01, 2026
Web Development

The DPoP Storage Paradox: Why Browser-Based Proof-of-Possession Remains an Unsolved Problem

DPoP closes a real gap in OAuth 2.0. Sender-constrained tokens are a meaningful upgrade over bearer tokens for any client that can implement them. But RFC 9449's silence on browser key storage creates the need for an architectural decision that each team must confront deliberately — there is no safe default that works everywhere.

Dhruv Agnihotri
on Apr 30, 2026
DevOps

Preventing Data Exfiltration: a Practical Implementation of VPC Service Controls at Enterprise Scale in Google Cloud Platform

Implementing VPC Service Controls is more about people and process than technology. Organizations must conduct extensive upfront discovery, use phased rollouts to avoid breaking production systems, and design VPC Service Controls that enable rather than block work. Success requires automation, clear exception processes, tracking both security and business metrics, and continuous improvement.

Shijin Nair
on Jan 19, 2026
DevOps

Platform-as-a-Product: Declarative Infrastructure for Developer Velocity

Declarative infrastructure config hides complexity, enabling developers to focus on application code. Unified YAML per service allows early cost validation, while independent CI with centralized CD balances team autonomy and deployment consistency. This standardized approach scales across organizations, making infrastructure invisible and operations automatic.

Avinash Sabat
on Jan 14, 2026
Architecture & Design

Trustworthy Productivity: Securing AI Accelerated Development

Autonomous AI agents amplify productivity but can cause severe damage without safeguards. Defend the ReAct loop—context, reasoning, and tools—through provenance gates, planner-critic separation, scoped credentials, sandboxed code, and STRIDE/MAESTRO threat modeling. With robust logging, bounded autonomy, and red-teaming, agents can deliver trustworthy productivity while minimizing risk.

Sriram Madapusi Vasudevan
on Dec 16, 2025
DevOps

Beyond the Padlock: Why Certificate Transparency is Reshaping Internet Trust

Certificate Transparency (CT) creates public, append-only logs of every TLS certificate issued, enabling detection of rogue or mistaken certificates. This article explores how CT has transformed internet PKI by moving from reliance on certificate authority trustworthiness to providing verifiable transparency that major browsers now require.

Karthiek Maralla
on Sep 08, 2025
Cloud

Ransomware-Resilient Storage: the New Frontline Defense in a High-Stakes Cyber Battle

Cybersecurity has evolved, with ransomware now primarily targeting data storage and backups. To combat this, modern defense strategies focus on making storage systems more resilient. Key tactics include using immutable storage that prevents data from being altered or deleted, employing AI-powered detection, and implementing air-gapping to create isolated, tamper-proof recovery points.

Arjun Mullick
on Aug 25, 2025
Cloud

Zero-Downtime Critical Cloud Infrastructure Upgrades at Scale

Engineers can avoid common pitfalls in large-scale infrastructure upgrades by studying others' experiences. The article provides lessons learned from big firms like eBay and Snowflake, offering solutions for legacy systems, performance validation, and rollback planning. It emphasizes systematic preparation and clear communication to handle challenges and ensure zero-downtime upgrades at scale.

Kiran Bhat
on Aug 18, 2025
Cloud

Sandbox as a Service: Building an Automated AWS Sandbox Framework

This article outlines an automated AWS Sandbox Framework to provide secure, cost-controlled environments for innovation. It leverages AWS services like Control Tower and open-source tools to automate provisioning, enforce security policies, manage resource lifecycles, and optimize costs through automated cleanup and governance.

Gaurav Mittal
on Aug 11, 2025
Cloud

Engineering Principles for Building a Successful Cloud-Prem Solution

Discover how Cloud-Prem solutions combine cloud efficiency with on-premise control, meeting data sovereignty and compliance demands while optimizing operational costs and enhancing customer security.

Satyam Dhar
on Jun 26, 2025
DevOps

Analyzing Apache Kafka Stretch Clusters: WAN Disruptions, Failure Scenarios, and DR Strategies

Proficient in analyzing the dynamics of Apache Kafka Stretch Clusters, I assess WAN disruptions and devise effective Disaster Recovery (DR) strategies. With deep expertise, I ensure high availability and data integrity across multi-region deployments. My insights optimize operational resilience, safeguarding vital services against service level agreement violations.

Srikanth Daggumalli Nishchai Jayanna Manjula
on Jun 20, 2025
Cloud

We Took Developers out of the Portal: How APIOps and IaC Reshaped Our API Strategy

Dynamic API strategist with expertise in transforming legacy management into efficient APIOps frameworks using Infrastructure as Code (IaC). Proven track record in automating API lifecycles, enhancing security, and fostering developer productivity through CI/CD integration. Adept at driving operational excellence and consistency across environments, enabling rapid deployment and innovation.

Balakrishna Sudabathula
on Jun 12, 2025

Newer Articles

Older Articles

InfoQ Software Architects' Newsletter

Articles