The Visibility Gap: Turning Observability into DevSecOps Signals (sponsored by Datadog)Security teams and dev teams share the same production environment but operate from different signals. Without runtime context, security monitoring has blind spots with misconfigured infrastructure and threats in flight. This session draws on Fone Dynamics' ISO 27001 journey to show how runtime telemetry, cloud audit logs, and code scanning give DevSecOps and SecOps teams shared context.
What this session is about
Playbook
Editorial commentary · what to actually do about this on Monday
The concept
SecOps and DevOps see the same systems through different lenses. Runtime telemetry becomes the shared substrate that makes them speak the same language.
Why it matters
Vulnerability scans tell you what *could* be wrong. Runtime telemetry tells you what *is* wrong, right now. ISO 27001 (and most modern audits) want evidence of controls *operating*, not just existing.
The hard parts
Mapping abstract control language ("access is restricted to authorised users") to concrete log events ("user X read object Y from bucket Z") is laborious. Most orgs duck it.
Playbook moves
(1) Build a control-to-signal map: one row per control, one column per evidence source. (2) Anything without a signal source is a paper control — burn those down. (3) Tag existing logs with control IDs at ingestion, not at audit time.
The surprise
The fastest path to ISO 27001 evidence isn't more controls — it's tagging existing logs to existing control IDs. Most enterprises already have 70%+ of evidence; they just can't find it on demand.
---
Independent editorial perspective — not an official AWS or speaker statement. Designed for executives evaluating what to brief their teams on next.
Live updates related to this session LIVE
Sourced via Parallel AI Monitor — continuous web watch on 21 topical streams. Updated .
- github.com high confidence Agent dev tools & observability
GitHub - Siddhant-K-code/agent-trace: strace for AI agents. Capture and replay every tool call, prompt, and response from Claude Code, Cursor, Gemini CLI or any MCP client · GitHub
The 'agent-trace' developer tool (GitHub: Siddhant-K-code/agent-trace) has launched significant new monitoring and control features: 1) A 'watch' mode that automatically terminates agents (using SIGSTOP or SIGTERM) when specific rules in a .watch-rules.json file are triggered, su
- insights.reinventing.ai high confidence Open-source agent infrastructure
Open-Source AI Agent Infrastructure Reaches Production Maturity
Galileo released Agent Control, an open-source (Apache 2.0) control plane designed for the centralized governance, real-time policy enforcement, and safety of AI agents. It allows developers to integrate governance hooks using a @control() decorator, decoupling policy management
- api.aport.io high confidence Agent identity & delegation
AI Agent Authentication & Authorization in 2026: What Works ...
A new authorization architecture known as the Three-Layer Model has been proposed by APort. This framework shifts security from prompt-based controls to deterministic infrastructure policies across three layers: Authentication (using OAuth 2.0, OIDC, SPIFFE/SVID, mTLS), API Autho
- fast.io high confidence Agent identity & delegation
AI Agent Delegation Patterns: Four Best Architectures for 2026 | Fastio
A new authorization architecture known as the Three-Layer Model has been proposed by APort. This framework shifts security from prompt-based controls to deterministic infrastructure policies across three layers: Authentication (using OAuth 2.0, OIDC, SPIFFE/SVID, mTLS), API Autho
- producthunt.com high confidence Agent dev tools & observability
The best new AI agents in 2026 - Product Hunt
TraceRoot launched an open-source observability platform for AI agents featuring a 'self-healing layer' that captures traces and uses AI to automatically identify bugs and open fix PRs by analyzing source code and GitHub history. It includes an OpenTelemetry-compatible SDK for ca
External links matched to this session via topic relevance. The KB does not endorse third-party content; verify before citing.