Riding AI DevSecOps Into the Future: What's New in SEC540

Today’s AI toolchains enable product teams to build and release features at unprecedented speed, but they also introduce new opportunities for catastrophic mistakes. From agentic coding assistants running unsanctioned commands to AI-generated code shipping vulnerabilities directly into production, the challenges security teams face never been harder.

SEC540: Cloud Native Security and DevSecOps Automation has always focused on teaching security teams how to use the DevOps toolchain to move security as fast as the product teams building and shipping features.

In the latest version of SEC540, we continue to equip security teams with the tools they need to embed security into development workflows. By focusing several labs on AI-driven tools and configurations, we help security teams understand the AI toolchain and show how it can help them keep pace with the speed of modern software delivery.

Code Editor Agents

Agentic code editing is transforming how teams interact with the DevOps toolchain. Instead of manually learning the syntax of every pipeline tool or cloud configuration API, security teams can now describe what they want to accomplish in plain language and let AI agents handle the execution. This dramatically lowers the barrier to entry for security professionals who need to work alongside developers, inspect infrastructure-as-code, or enforce security policies across repositories, without spending weeks fighting new technologies (and YAML spacing!).

Students now learn how to configure the Continue AI OpenVSCode extension to enable agentic coding backed by LLMs and MCP tools. With this configuration in place, students can invoke code analysis scans, inspect vulnerability reports, and harden version control repository configurations using natural language prompts and AI agents.

AI-Assisted Code Reviews

Code reviews are one of the most effective controls for catching security vulnerabilities before they reach production, but they are also one of the most inconsistently applied. Security teams often lack the bandwidth to review every merge request, and developers do not always know what security reviewers are looking for. AI-assisted code reviews solve both problems by automating the initial security analysis, surfacing issues in seconds, and establishing a consistent baseline of coding standards and security policy that applies to every change, regardless of team size or reviewer availability.

Students will learn how to configure Zenable'sZenable GitLab integration, which uses webhooks to enable AI-assisted code reviews on merge requests. As merge requests are opened, the AI -assistance completes theed reviews  complete in seconds, and leavinge actionable, high-quality feedback directly in the merge request for the reviewer.

Kubectl AI

Kubernetes continues to be the container orchestrator powering microservices and AI workloads across every major industry. As organizations move more workloads into Kubernetes, the attack surface grows with it. Misconfigured RBAC policies, overly permissive service accounts, and exposed API servers are among the most common findings in cloud security assessments. Security professionals need to be able to inspect, audit, and harden Kubernetes clusters confidently, even if Kubernetes administration is not their primary role.

To help security professionals understand how to interact with Kubernetes and audit configurations, last year we released the SANS Kubernetes Cheat Sheet. To make this even more accessible, we are now teaching students how to configure the kubectl-ai assistant and use their preferred LLM to inspect Kubernetes resources, discover insecure configurations, enable security guardrails, and verify deployments.

Microservice Security

Identity is the cornerstone of securing microservices and AI workloads. In a distributed architecture where dozens of services communicate with each other and with external clients, every interaction needs to be authenticated and authorized. Without a centralized identity provider issuing and validating tokens, it becomes nearly impossible to enforce least-privilege access, audit who accessed what, or prevent lateral movement when a service is compromised. Getting identity right from the start is not optional in modern cloud-native environments.

To help students understand how to set up a cloud-native identity provider, each student receives their own instance of a Keycloak identity server. While working through a microservices migration, students learn to set up clients, scopes, and mappings for issuing tokens to end users, which can then be used to access downstream microservice APIs.

SEC540 has covered public cloud API Gateways in both AWS and Azure since the course's initial release in 2017. As cloud-native capabilities have evolved and become more tightly integrated with Kubernetes resources, it has never been easier to enforce identity and claims-based authorization for role-based access control (RBAC) and attribute-based access control (ABAC).

Students will now learn how to use Kubernetes and Kong Gateway to protect microservices. Using the Kong Kubernetes Ingress Controller (KIC), students will see how the Kubernetes Gateway API, HTTPRoute, and KongPlugin objects work together to validate access tokens issued by the Keycloak identity server.

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
  metadata:
    name: api
    namespace: dm
  annotations:
    konghq.com/strip-path: "false"
    konghq.com/protocols: "https"
    konghq.com/plugins: "keycloak-authorizer"
    dm.paper/owner: "dschrute"
spec:
  parentRefs:
    - name: kong
      namespace: kong-system
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /v1/api
      backendRefs:
        - name: api
          kind: Service
          port: 8443

Join Us on the Cloud Security Journey

These new topics and labs will help students integrate AI into their daily DevSecOps workflow and understand how to use AI to secure modern workloads faster and more consistently.

AI-Driven DevSecOps Webcast Series

For a deeper dive into each of these new topics, join us for the AI-Driven DevSecOps webcast series, kicking off on March 25th, 2026:

• March 25, 2026: Part 1: Securing Coding Agents with Model Context Protocol (MCP) with Jon Zeolla
• April 23, 2026: Part 2: Protecting Kubernetes Microservices with the Kong Ingress Controller with Eric Johnson
• May 19, 2026: Part 3: Agentic Code Review in GitLab & GitHub with Jon Zeolla
• June 18, 2026: Part 4: Observing Microservices with OpenTelemetry and Grafana with Ben Allen
• July 9, 2026: Part 5: Zero-Downtime Deployments with Kubernetes with Dakota Riley

Ready to see the course in action? Register for a free course preview by visiting SEC540: Cloud Native and DevSecOps Security Automation and clicking the "View course preview" button.

Thank you to past students for their course feedback, which helps the authors and instructors understand the content most valuable to them. And a special thank you to the course authors and instructors for their contributions: Eric Johnson, Ben Allen, Frank Kim, Jon Zeolla, and Dakota Riley.