Skip to main content

2 posts tagged with "CI/CD"

Continuous integration, delivery, and security in the pipeline

View All Tags

The Ceiling for DIY Security Reviews

· 5 min read

Every security team is now running the same debate: build your own AI security review, or buy one. You drop a coding agent into CI, it finds real issues, rerun the same PR and you get different findings, different severities, no memory of last triage, no audit trail for AppSec. Get a better model and you get sharper findings but it won't close the gap. The real question isn't whether an LLM can find issues. It's whether you back yourself to build a great harness. That takes eval infrastructure, state, and the kind of engineering Cloudflare, Rogo, and Anthropic are writing blog posts about. Most teams don't have it. That is the ceiling.