Mobile DevSecOps as it's currently implemented has a big problem: it's too slow and inefficient to keep up with the constantly evolving threat landscape. In the typical way of doing things, common tools like pen testing and code scanning identify known vulnerabilities, and the mobile app is then booted back to the development team where they manually add whatever protection they can within the time they have.
But the threats don't stay static. They evolve as cybercriminals find new vulnerabilities and techniques to exploit. The development process doesn't stop either — as old vulnerabilities are fixed, new features are added, some of which may introduce new weaknesses. Developers lack a real-time understanding of what the threat landscape really looks like in the field. As a result, publishers are constantly releasing apps that are under-protected against current threats.
A Data-Driven Process
Companies are rapidly moving towards data-driven decision-making, using real-time data and analysis to understand how they can optimize operations, strengthen the supply chain and enter new markets that will provide a return on investment. Mobile DevSecOps is not an exception — data-driven decisions about security will not only provide stronger protection against threats, but will also be far more efficient, with much less wasted effort.
But data, alone, is not enough to solve the problem. Good information is useless if the DevSecOps team cannot act on it quickly, and manual methods of implementing security are slow and expensive. Like the rest of the DevOps process, security must be automated, so that new protections can be rapidly included in the next build as they are needed.
Together, automation and real-time threat data make up the two pillars of data-driven DevSecOps. The team has a system that provides it with real-time information about the threats and attacks its mobile apps are encountering in the field right now. With this information, the DevSecOps team can make informed decisions about which security protections are the highest priority to build into the next release.
Beyond Gut Feelings
Mobile apps and the devices on which they run are capable of collecting a wealth of information: threat type, the network, geographic location, OS version and much, much more. All this data provides DevSecOps teams with an extremely granular view of both current and emerging threats that can be sliced according to device, OS, geography — the possibilities are near limitless.
With this wealth of real-time data, the DevSecOps team can make the best use of their time to provide protection against the threats that truly matter.
Once data-driven DevSecOps is implemented, teams can not only identify the most urgent threats against which to protect, but also prove after release how well the protections are working. In this way, the DevSecOps team can easily justify its value to senior management, partners and other stakeholders, and demonstrate compliance with both internal and external regulations.
It's time for organizations to move beyond manual methods for incorporating mobile app security and gut-feel decisions or analyst recommendations about security models. With data-driven DevSecOps, development teams won't just be shooting in the dark. They'll be using real-time information to identify and protect against new threats and attacks before they can be launched at scale.