Manage CI/CD credentials with GitLab Secrets Manager
…and audit every system those secrets could reach. The wider a secret’s scope, the more work it takes to remediate when exposed — and developers absorb that cost alongside the security team…
…Powered by the NVIDIA OpenShell runtime, every agent operates within a secure, isolated environment, delivering enterprise-grade control, consistency and auditability across the entire marketing lifecycle, with verifiable policy management, answering the…
…the safer model depends on scenario category and risk measure. Consequently, scores, matched deltas, critical rates, uncertainty, and the auditor and judge used must be reported together rather than collapsed into a…
…Readers should know, however, that security audits are extremely complex and typically take months to thoroughly evaluate a piece of software. This audit, for example, notes that "we did not explicitly test…
For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this: Most startups call a security engineer or hire a security agency only when…
Security asked us a simple question during an audit. Where is all customer pii stored. And the room literally went silent lol. Warehouse. Backups. Old postgres instances. Abandoned s3 buckets. Random notebooks. Exported …
i sit in on procurement/security reviews for a mid-sized company and honestly a shocking number of SaaS products lose trust in the first 10 minutes. usually it’s stuff like: “SSO is only on enterprise” MFA = SMS only no …
Six weeks ago, Daniel Nissani at Mozilla.ai shared cq (https://news.ycombinator.com/item?id=47491466), Stack Overflow for agents. One of the top concerns in that thread was security and trust around shared knowledge. So w…
Hi HN, I've been building Nucleus, a lightweight Linux container runtime focused on two workloads: ephemeral AI-agent sandboxes and declarative NixOS services. It's a single Rust binary, no daemon. It is not a Docker repl…
…GitLab Ultimate embeds governance, policy enforcement, security scanning, and auditability directly into the workflows where software is planned, built, and shipped, so security teams can govern at the speed of AI. AI…
…Built on GitLab Duo Agent Platform, it's designed for both the developer sitting at a terminal and teams with their agents automating security, verification, compliance and deployment workflows across many projects…
…The desktop app is easy enough to use and recent updates have made it even better. Plus, another third-party security audit is a reassuring sign that the service is committed to…
…the Brennan Center's Liberty and National Security Program. “They rely on the Department of Justice to conduct thorough audits and to report the results truthfully and promptly. This particular Department of…
…visibility into data and AI systems, enforcement of security and access controls, resilience through backup and recovery, and data readiness to support AI development. The associated assessment provides scored benchmarks, peer comparisons…
…And the only reason 'pwd' is different is because the audit code treats pwd and root differently. And that, in turn, is because the audit code is just historical and broken, and…