Cloud, Containers & Security • Adrian Mouat, Kief Morris & Sam Newman • GOTO 2025

· Source: GOTO Conferences · Field: Technology & Digital — Cloud Computing & IT Infrastructure, Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Advanced, extended

Summary

A GOTO 2025 panel discussion featuring Adrian Mouat (Chainguard), Kief Morris (ThoughtWorks), and moderator Sam Newman explored critical issues across cloud, containers, and security. The session highlighted advancements in container security, such as Sigstore for image signing and GitHub's "trusted publisher" for NPM, while noting skepticism regarding the practical utility of SBOMs despite regulatory pushes, citing Jaguar Land Rover's $2 billion supply chain attack. Discussions on AI in infrastructure automation emphasized the conflict between generative AI's non-determinism and IaC's need for consistency, suggesting AI's role in code generation followed by rigorous testing. The panel also covered Multi-Cloud Platform (MCP) security, often an afterthought, and the growing trend of cloud repatriation driven by cost, flexibility, and data residency, alongside the emergence of specialized "Neo cloud" providers for GPU-heavy AI workloads. Finally, they delved into Infrastructure as Code practices, including test-driven development challenges and strategies for managing configuration drift.

Key takeaway

For DevOps and MLOps Engineers managing cloud infrastructure and container security, prioritize robust supply chain practices. Implement Sigstore for container image signing and eliminate long-lived access tokens, adopting solutions like GitHub's trusted publisher. When integrating generative AI into infrastructure automation, ensure deterministic outcomes through rigorous testing of AI-generated code. Evaluate cloud repatriation for stable workloads, considering total costs and data residency requirements, and explore specialized "Neo cloud" providers for cost-effective GPU-heavy AI workloads.

Key insights

The evolving landscape of cloud, container, and infrastructure security demands robust supply chain practices, deterministic automation, and careful consideration of AI's non-deterministic nature.

Method

For IaC TDD, focus on selective, risk-based tests like network connectivity, not just resource creation. Componentize infrastructure for faster testing cycles. Use simple scripting frameworks like Bats.
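
A risk-based connectivity test of the kind described above, written for Bats. This is an added example, not code from the panel or from any speaker's project; the host names, addresses, ports and the `port_open` helper are assumptions chosen for illustration, and in practice the hosts would be read from the IaC tool's outputs.

```bats
#!/usr/bin/env bats
# Added example: asserts network behaviour of a provisioned stack rather than
# the mere existence of resources. All hosts and ports are hypothetical.

setup() {
  # Constructed defaults (reserved test domain / documentation address range).
  APP_HOST="${APP_HOST:-app.example.test}"
  DB_HOST="${DB_HOST:-203.0.113.10}"
  TIMEOUT="${TIMEOUT:-3}"
}

# Succeeds only if a TCP connection to host:port opens within TIMEOUT seconds.
# Host and port are passed as arguments, not interpolated into the command.
port_open() {
  timeout "$TIMEOUT" bash -c 'exec 3<>/dev/tcp/$1/$2' _ "$1" "$2" 2>/dev/null
}

@test "app tier accepts HTTPS from the test runner's network" {
  run port_open "$APP_HOST" 443
  [ "$status" -eq 0 ]
}

@test "database port is not reachable from outside the private network" {
  # Negative test: a created-but-exposed database passes a 'resource exists'
  # check and fails this one.
  run port_open "$DB_HOST" 5432
  [ "$status" -ne 0 ]
}

@test "SSH is not exposed on the app tier" {
  run port_open "$APP_HOST" 22
  [ "$status" -ne 0 ]
}
```

Run it from a network position that represents the boundary being tested, for example `APP_HOST=... DB_HOST=... bats connectivity.bats` from a CI runner outside the private network.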

Best for: CTO, VP of Engineering/Data, Director of AI/ML, DevOps Engineer, MLOps Engineer, AI Architect

Editorial summary, takeaway, and curation by AIssential. Original article published by GOTO Conferences.