Enterprises can no longer afford the old trade-off between speed and safety. Developers are under constant pressure to release code faster. At the same time, security teams face an endless stream of new threats. The middle ground is clear: software must be secure and resilient from the start, without slowing innovation.

This is the philosophy Ian Amit, CEO of Gomboc AI, shared in a recent conversation with Dana Gardner, Principal Analyst at Interarbor, on the Security Strategist podcast. Amit argues that the next era of DevSecOps depends on rethinking how engineering and security come together.

Moving Beyond Shift-Left Fatigue

The traditional push to “shift security left” has often backfired. Developers face alert fatigue, drowning in warnings that obscure the real issues. Security teams end up chasing vulnerabilities rather than preventing them. Amit reframes the goal as engineering excellence:

“I want to be proud of my code. It should be secure, resilient, efficient, and fully optimized. That’s what I call engineering excellence.” — Ian Amit, CEO, Gomboc AI

Attackers only need to succeed once; defenders must be right every time. By closing the gap between development and operations, organizations can cut mean time to remediate (MTTR) and reduce risk exposure.

Balancing Accuracy

Generative tools can accelerate development, but they introduce instability.

“With that 10x code, you’re also getting 10x the bugs,” Amit explains.

Deterministic approaches, by contrast, deliver repeatability and precision. Neither alone is a silver bullet. As Amit puts it:

“Use generative to cut through tedious work. Use deterministic approaches to align output to your own standards. You don’t want someone else’s standards creeping into your environment.”

Seamless DevSecOps

The future of enterprise security isn’t about more checkpoints. It’s about weaving security into development pipelines, enabling distributed teams to collaborate without friction. Gomboc AI’s approach centres on reducing engineering toil and empowering enterprises to achieve fast, safe, and automated development.

Key Takeaways

  • Traditional shift-left security can create alert fatigue.
  • Generative tools speed development but may increase bugs.
  • Deterministic approaches offer accuracy and repeatability.
  • Mean time to remediate (MTTR) is the most critical success metric.
  • Collaboration across distributed teams is essential.
  • Security must integrate seamlessly with DevOps processes.
     

Chapters

00:00 Introduction to DevSecOps and Its Importance

03:08 Challenges in Traditional Shift Left Approaches

06:07 The Role of AI in Development and Security

08:58 Balancing Generative and Deterministic AI

11:52 Automation and Metrics of Success in Security

14:44 Collaboration in Distributed Teams

17:59 Integrating SecOps into Existing Processes

20:56 Future of AI in DevSecOps

23:53 Gomboc AI's Approach to Bridging Gaps

About Gomboc AI

Gomboc.ai is a cloud infrastructure security platform built to simplify and strengthen security at scale. By connecting directly to cloud environments, it provides complete visibility and protection across risks. Its deterministic engine automatically detects and fixes policy deviations in Infrastructure as Code (IaC), delivering tailored, policy-aligned fixes as pull requests or commits straight into existing DevOps workflows. With Gomboc.ai, enterprises eliminate security backlogs, accelerate remediation, and release with confidence, without slowing innovation.