Transcript
Hello everyone.
Thank you so much for joining today.
My name is Bar Ndira.
I'm a senior software engineer at Ascension Health, and today I'm excited to
talk about how AI and generative machine learning are transforming DevSecOps into
a faster, smarter and more secure discipline.
In the organizations I have worked with, we have seen firsthand how traditional QA
and security practices struggle to keep up with modern delivery velocity.
So this session is focused on one idea.
How do we evolve DevSecOps into an intelligent, productive,
autonomous system through AI?
Let's dive in.
The challenge: why traditional DevSecOps is falling behind.
Today's software delivery environment is fundamentally different from what
DevSecOps was originally built for.
We are dealing with extremely high deployment velocity, daily
and continuous deployments.
Microservices and distributed cloud-native architectures, right, dynamic attack
surfaces, and unpredictable interactions.
But our QA cycles, security reviews, and scripted automation
are still largely static.
The result: a widening gap between deployment speed and assurance.
Traditional pipelines simply cannot safeguard today's complexity because
they rely on rigid tests and predefined security rules, while real-world systems
behave in fluid, unpredictable ways.
This is why we need significant evolution.
Evolution required: from reactive to intelligent DevSecOps.
DevSecOps has to move from reactive to predictive, manual to automated, static
to context-aware, gatekeeping to acceleration.
We are no longer talking about adding more checks.
We are talking about self-learning systems
that enhance QA and security automatically.
So think about it like this.
AI becomes the engine that drives this transformation, right?
AI is going to be the feature that's going to drive this transformation.
Let's move on to this next slide.
Generative AI: accelerating test and security script creation.
One of the biggest
breakthroughs is generative AI for test and security automation.
AI tools like Copilot can do everything, right, but I just shortlisted a
little bit of what I am seeing day to day: read user stories.
It was able to read user stories, understand code context,
generate complete test suites,
create security validation scripts, build end-to-end scenarios
aligned with real business logic.
These are automated; these are excellent.
So, read user stories.
It was able to read the user stories and add stories to our
Jira as well using cps, right?
Jira plugins.
So these are all something which GitHub Copilot can do right now.
This drastically reduces manual scripting effort and ensures
coverage of scenarios humans often overlook.
In short, AI becomes your automation engineer working 24/7.
Moving on to the next slide: machine learning, predictive quality engineering.
This is an interesting topic, which we are, like, using.
Most of the companies have started using it day to day, so machine
learning takes this a step further by making your pipeline intelligent.
Machine learning models can analyze production
logs, historical defects.
What else?
Code changes.
Any threat intelligence, system behavior patterns, and then they can
make predictions: which modules are risky.
Why is that risky?
Which tests should run first?
Why is it running fast or slow now?
Which areas are likely to break?
What are the chances that data can break in future code changes,
where new vulnerabilities might emerge?
That's, again, key, right?
We are all into security, where I'm seeing, like, the security testing is rapidly going
fast, and machine learning can use that to create a risk-based testing
strategy that reduces execution time
while improving the accuracy. That's the key.
QA is more crucial for accuracy.
So here we are increasing the execution time and increasing the speed of the
testing while improving accuracy.
Think of this as your pipeline learning from every release and
getting smarter over time. That's, like, an excellent feature, right?
Machine learning was able to help us so that our pipeline itself is learning:
okay, these are the things going on.
Okay, this needs to be improved.
If you receive an email with all the issues, what are the things we
changed from the previous ones that are going to make a real impact.
Let's move on to
the key thing, the real-world impact.
When teams adopt AI-driven DevSecOps, the impact is dramatic.
Major reduction in test execution time, faster
identification of vulnerabilities, huge drop in manual scripting,
better coverage of edge cases, early detection of system anomalies.
In this way, what will happen, what is the real-world impact here?
You deliver faster, safer, and with higher confidence.
That's the key.
We need to be confident when we are delivering something.
Let's move on to a case study here.
AI-driven test data generation.
Let me share a real-world example in a microservices environment.
Generating realistic, interconnected test data is extremely difficult.
AI solves this by... how can AI help us?
AI can solve this by understanding the schemas, what kind of schemas we have;
analyzing the production data patterns, what kind of data we are getting
in production, what kind of data we should use to recreate these issues,
or what kind of data, if we use it, we can eliminate some of these issues.
That's something we can use the AI for: synthesizing realistic data sets.
A bunch of data sets can be there.
It can help us to synthesize the realistic data sets.
Auto-generating boundary and edge-case data.
So that's something which is always tricky.
There are multiple edge cases that can be there.
We can use AI here
to help understand some of the edge cases. The outcome of this
case study, test data generation:
Test data preparation time drops massively while coverage significantly increases.
That's the key.
Dramatically reduces the test data preparation time with significantly
improved coverage across service boundaries and data sets.
That's key.
Let's move on to another case study: machine learning based anomaly detection.
Another powerful use case is anomaly detection.
Machine learning can learn what normal looks like across distributed
services, and then monitor for deviation in real time.
That's very key, right?
Performance drift, suspicious access patterns, latency spikes,
unusual resource consumption.
These are something where we can use the machine learning set.
When an anomaly occurs, the system can trigger automated workflows, alert
security systems, or even mitigate early-stage attacks.
In my case, we are triggering a Slack alert:
hey, there is some kind of spiking, suspicious pattern going on,
which is not happening day to day.
We are seeing, like, there is a slowness when a user tries to
submit a prob; this is taking this long, and this was not the case in the past.
So, importantly, unusual resource consumption like memory.
We can also see memory consumption might be too high.
This never happened in the past.
We will receive a Slack notification.
If it's way bad, we will also receive a call.
This brings us closer to autonomous operation in pipeline.
Okay, let's move on to next slide.
Integration strategy:
how to bring AI into your pipeline.
You don't need to rebuild your
DevSecOps pipeline.
Your adoption happens in phases.
Phase one: assess and pilot.
Start small.
It's always important.
Don't rush into things.
Start small,
usually with AI-based generation and vulnerability scanning; that's
where you should start. Phase two:
integrate and train.
Connect AI tools into your CI/CD pipeline.
Train machine learning models using historical logs,
incidents.
How, what errors were happening?
Give enough access to the machine learning models.
What are the things it should rate?
Okay, phase three, the key thing: scale and optimize.
Expand to more services.
Refine your models with a feedback loop.
The more services you give the machine learning models, the more data it can get
to understand how the system works here.
And phase four is, again, another important one.
Autonomous operation: enable AI to make real-time decisions
such as test prioritization and automated security export.
So those are some key things.
Okay, let's move on to the next slide.
No complete overhaul required.
This is important.
AI augments.
It doesn't replace your existing frameworks.
It won't.
It's not going to change your existing automation framework.
It's just going to improve it.
Okay.
That's the key thing again: how efficient it's going to be,
how important it's going to be.
That's the key thing.
Your security policies stay. Your security policy, meaning your company
security policies, is going to stay.
That's, again, a key thing.
Okay?
Alright, next one.
Your CI/CD pipeline stays.
Your CI/CD pipeline is not going to change.
It's still going to stay the same as it was before.
Focus
AI
on the areas where manual effort is highest and risk
is greatest for maximum ROI.
AI
simply takes over the most repetitive, complex and high-risk
tasks to boost speed and quality.
Let's move on to the next slide, slide number 10.
Risk-based testing: focus where it matters.
AI enables intelligent prioritization there.
In my opinion, it's a pyramid.
There are five important things which AI prioritizes.
Okay.
Critical paths, high-risk modules, recently changed code, changed
components in integration boundaries, low-risk stable code, and I like
to call it stable low-risk areas.
This cuts execution time and improves precision by validating
what truly impacts business-critical functionality, so that's important, right?
Validating what truly impacts our business-critical functionality.
ML models analyze the code changes, historical defect rates, and
business impact to automatically prioritize testing effort.
This intelligent allocation ensures critical functionality receives maximum
validation while reducing wasted effort on stable low-risk areas.
Let's move on to the next slide.
Slide number 11: automated vulnerability detection.
There are three key things: static analysis, runtime
protection, and dependency
intelligence.
AI improves security through context-aware static analysis,
also real-time behavioral monitoring, supply chain intelligence,
prioritized patching. This transforms security from reactive
patching to predictive protection.
And if you see dependency intelligence, AI continuously tracks supply chain
risk, automatically prioritizing patches based on exploitability and impact.
That's important.
Okay, let's move to the next slide.
Benefits: speed, cost, and confidence. When AI becomes part of DevSecOps,
organizations experience faster releases,
reduced test maintenance, proactive security postures, lower
operational cost, higher customer trust, resilient systems. Quality and
security no longer slow you down.
They become business accelerators.
So let's move on to the key slide.
Actionable takeaways for your team, to wrap up with practical aspects.
Start with one pilot.
Start with one pilot use case, improve your data quality,
build cross-functional teams.
Create feedback loops.
That's, again, important.
Create mechanisms for models to learn from production incidents, and
continuous improvement is essential.
Focus on enablement, not replacement. Position
AI as an enabler, not a replacement.
It's not going to replace anything.
It's just going to improve it, so it's an enabler.
With these steps, you can move towards intelligent DevSecOps
without disruption. Conclusion.
The next slide will be the conclusion.
AI-driven DevSecOps is not the future.
It's the present.
We are not going to enter into AI; we are already in AI.
It transforms quality and security from bottlenecks into
powerful competitive advantages.
With predictive defect detection, automatic security
scanning, and self-learning pipelines, teams can deliver faster,
safer, and with complete confidence. The organizations that adopt AI
early will lead in innovation, customer trust, and operational excellence.
Thank you for joining today,
and I am excited to answer any of your questions.
Please email me if there are any questions.
Thank you for the opportunity.
Thank you.
Thank you for giving me time to speak at this conference.
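The anomaly-detection case study above (learn what "normal" looks like for a service, watch for latency and memory deviations, send a Slack alert, and escalate to a phone call when it is "way bad") is illustrated here with an added example that is not code from the talk or from Ascension Health. It learns a per-metric baseline from a training window, scores later samples as z-scores, and maps them to two severities. The metric names, sample values, window length and the 4.0/12.0 thresholds are all constructed assumptions for the demo, and the alert only returns a structured record; wiring it to Slack or a paging system is left to the reader's environment.

```python
"""Added example (not from the talk): baseline-and-deviation anomaly detection
over constructed service metrics, with a notify/page severity split."""
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample data: 20 "normal" samples per metric, then a drift.
# Metric names and values are assumptions made up for this example.
SAMPLES = {
    "checkout.latency_ms": [120, 118, 125, 121, 119, 123, 117, 122, 120, 124,
                            119, 121, 118, 120, 123, 122, 119, 121, 120, 124,
                            126, 135, 480],
    "checkout.memory_mb":  [512, 515, 510, 518, 511, 514, 516, 509, 513, 517,
                           512, 515, 511, 514, 516, 513, 510, 515, 512, 514,
                           517, 520, 1380],
}


@dataclass(frozen=True)
class Baseline:
    mean: float
    std: float


@dataclass(frozen=True)
class Alert:
    metric: str
    index: int        # position of the offending sample in the series
    value: float
    zscore: float
    severity: str     # "notify" (chat alert) or "page" (wake someone up)


def fit_baseline(values, window=20):
    """Learn 'normal' from the first `window` samples of a series."""
    training = values[:window]
    # A perfectly flat baseline would make every deviation infinite; floor it.
    return Baseline(mean(training), max(pstdev(training), 1e-9))


def zscore(value, baseline):
    """How many baseline standard deviations a sample sits above/below normal."""
    return (value - baseline.mean) / baseline.std


def classify(z, notify_at=4.0, page_at=12.0):
    """Map a z-score to a severity; thresholds are assumed values for the demo."""
    if z >= page_at:
        return "page"
    if z >= notify_at:
        return "notify"
    return None


def detect(samples, window=20, notify_at=4.0, page_at=12.0):
    """Score every post-training sample of every metric and collect alerts."""
    alerts = []
    for metric, values in samples.items():
        baseline = fit_baseline(values, window)
        for i, v in enumerate(values[window:], start=window):
            z = zscore(v, baseline)
            severity = classify(z, notify_at, page_at)
            if severity:
                alerts.append(Alert(metric, i, v, round(z, 1), severity))
    return alerts


def format_alert(alert):
    """Render an alert as the one-line message a chat channel would receive."""
    return (f"[{alert.severity.upper()}] {alert.metric} sample #{alert.index} = "
            f"{alert.value} (z={alert.zscore}) deviates from learned baseline")


if __name__ == "__main__":
    for a in detect(SAMPLES):
        print(format_alert(a))
```

Only samples after the training window are scored, so the baseline is never contaminated by the anomaly it is supposed to catch; in a real pipeline the window would be refreshed from known-good periods rather than fixed at the head of the series.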
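The risk-based testing slide above describes scoring components by recent change, historical defect rate, business impact and integration boundaries, then spending the test budget on the highest-risk ones first. This added example (my own code, not the speaker's or any product's) shows the mechanics with a weighted score and a time budget: the weights, component attributes, test names and durations are all constructed assumptions, and a real system would feed the same function from version control, defect tracking and a service catalogue.

```python
"""Added example (not from the talk): weighted risk scoring of components and
budget-bounded test prioritization. All inputs below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    changed_recently: bool      # touched in the current change set
    defect_rate: float          # historical defect density, normalised to 0..1
    business_impact: float      # 0..1 from service criticality tiers
    integration_boundary: bool  # sits on a cross-service boundary


@dataclass(frozen=True)
class TestCase:
    name: str
    component: str
    duration_s: int


# Assumed weights: recent change and business impact dominate, boundaries get a bump.
WEIGHTS = {"changed": 0.35, "defects": 0.25, "impact": 0.30, "boundary": 0.10}

# Constructed component inventory for the demo.
COMPONENTS = [
    Component("payments",      True,  0.60, 1.0, True),
    Component("checkout-api",  True,  0.30, 0.8, True),
    Component("reporting",     False, 0.20, 0.4, False),
    Component("legacy-export", False, 0.04, 0.2, False),
]

# Constructed test inventory; durations are seconds per test.
TESTS = [
    TestCase("test_payment_capture",      "payments",      120),
    TestCase("test_payment_refund",       "payments",       90),
    TestCase("test_checkout_create_order", "checkout-api",  60),
    TestCase("test_checkout_cart_totals", "checkout-api",   45),
    TestCase("test_monthly_report",       "reporting",     300),
    TestCase("test_csv_export",           "legacy-export",  30),
]


def risk_score(c):
    """Weighted sum of the risk signals the slide lists, in 0..1."""
    return round(WEIGHTS["changed"] * c.changed_recently
                 + WEIGHTS["defects"] * c.defect_rate
                 + WEIGHTS["impact"] * c.business_impact
                 + WEIGHTS["boundary"] * c.integration_boundary, 3)


def prioritize(tests, components, budget_s):
    """Order tests by component risk (cheapest first within a tie) and fill the budget.

    Returns (selected, deferred); deferred tests still run in a later, slower stage
    rather than being dropped, so low-risk areas are not left unvalidated forever.
    """
    scores = {c.name: risk_score(c) for c in components}
    ordered = sorted(tests, key=lambda t: (-scores[t.component], t.duration_s))
    selected, deferred, used = [], [], 0
    for t in ordered:
        if used + t.duration_s <= budget_s:
            selected.append(t)
            used += t.duration_s
        else:
            deferred.append(t)
    return selected, deferred


if __name__ == "__main__":
    chosen, later = prioritize(TESTS, COMPONENTS, budget_s=400)
    print("run now:  ", [t.name for t in chosen])
    print("run later:", [t.name for t in later])
```

With a 400-second budget the two payment tests and two checkout tests go first, the 300-second report test does not fit and is deferred, and the cheap 30-second export test still slots in at the end, which is the point: prioritization shortens the critical feedback loop without pretending the low-risk tests do not exist.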