DZone.com Feed

Securing AI-Generated Code: Preventing Phantom APIs and Invisible Vulnerabilities (Thu, 15 Jan 2026)
The conference room went silent when the fintech's CISO pulled up the logs. There, buried in production traffic, sat an endpoint nobody had documented: /api/debug/users. It was leaking customer data with every ping. The engineer who'd committed the module swore he'd only asked GitHub Copilot for a "basic user lookup function." Somewhere between prompt and pull request, the AI had dreamed up an entire debugging interface — and nobody caught it until a pentester found it three months later. That incident, which happened at a Series B startup in Austin last spring, isn't an outlier anymore. It’s a preview of what happens when we let machines write code faster than humans can read it.
>> Read More

DevSecOps for MLOps: Securing the Full Machine Learning Lifecycle (Thu, 15 Jan 2026)
I still remember the Slack message that arrived at 2:47 AM last March. A machine learning engineer at a healthcare AI startup, someone I'd interviewed six months prior about their ambitious diagnostic model, was having what could only be described as an existential crisis. "Our fraud detection model just started flagging every transaction from zip codes beginning with '9' as high-risk," he wrote. "We can't figure out why. It wasn't doing this yesterday. We've rolled back twice. Same behavior. We think someone poisoned our training pipeline but we have no audit trail. No signatures. Nothing. We don't even know when the data changed."
>> Read More

From Aspects to Advisors: Design Modular Cross-Cutting Features with Spring AI (Thu, 15 Jan 2026)
In a nutshell, aspect-oriented programming (AOP) is a way of adding extra behavior to existing code without needing to change it. At its core, AOP is a programming paradigm that helps separate cross-cutting concerns (security checks, caching, transaction management, error handling, monitoring, logging, etc.) from the core logic of an application. By leveraging it, behavior that is needed in various layers or modules of an application is modularized and defined in a single place—an aspect—instead of being scattered across various components, which leads to duplicated and hard-to-maintain code or to a mix of business and infrastructure logic. With AOP, such concerns are written once and applied automatically whenever needed. Similarly to AOP, when it comes to Spring AI applications, interaction requests and responses can be intercepted, modified, or augmented on the fly by using the Advisors API. Specifically, when sending or receiving data to or from a large language model (LLM) via a ChatClient instance, existing or custom advisors may be plugged in, and well-defined actions can be performed either before or after passing the request or response further down the execution chain.
>> Read More

Taming Reinforcement Learning Chaos: An MLOps Architecture for Experiment Management (Thu, 15 Jan 2026)
Reinforcement learning (RL) has achieved superhuman performance in domains ranging from Go (AlphaGo) to complex robotics control. However, unlike supervised learning, where data is static, RL is dynamic. It relies on an agent interacting with an environment through massive trial and error. For engineering teams, this "trial and error" nature creates a significant MLOps bottleneck. A single viable model might require hundreds of experiments, each with slight variations in reward functions, learning rates, or environment physics.
>> Read More

DevOps Cafe Podcast

DevOps Cafe Ep 79 - Guests: Joseph Jacks and Ben Kehoe (Mon, 13 Aug 2018)
Triggered by Google Next 2018, John and Damon chat with Joseph Jacks (stealth startup) and Ben Kehoe (iRobot) about their public disagreements — and agreements — about Kubernetes and Serverless. 
>> Read More

DevOps Cafe Ep 78 - Guest: J. Paul Reed (Mon, 23 Jul 2018)
John and Damon chat with J.Paul Reed (Release Engineering Approaches) about the field of Systems Safety and Human Factors that studies why accidents happen and how to minimize the occurrence and impact. Show notes at http://devopscafe.org
>> Read More

DevOps Cafe Ep. 77 - Damon interviews John (Wed, 20 Jun 2018)
A new season of DevOps Cafe is here. The topic of this episode is "DevSecOps." Damon interviews John about what this term means, why it matters now, and the overall state of security.  Show notes at http://devopscafe.org
>> Read More