2026 DevSecOps Predictions - AI

With the rise of Agentic AI, and the inevitable fatigue from chasing vulnerabilities, DevSecOps practitioners will start looking for a more robust mechanism for identifying and preventing malicious behavior. Imagine how Agentic AI could amplify a vulnerability like Log4Shell or a worm like Shai-Hulud? While anomaly detection tools abound, we can't strongly assert that our nominal baseline is "good." What if we could know, a priori, how software is supposed to behave? We'll start to see DevSecOps practitioners asking for behavioral models to be delivered right alongside the checksums, signatures, attestations, and SBOMs that we already expect. Developers can use their automated tests to build the behavioral model. If this catches on, this will revolutionize how we approach security guardrails and anomaly detection. - Jason Miller