Autonomous Patching for Cloud-Native Workloads
The cloud-native stack didn’t make security go away—it just spread it across more layers, more repos, more images, and more “who owns this?” moments.
Eilon Elhadad, co-founder and CTO of Echo, talks about a problem every platform team runs into once containers become the default unit of delivery: patching, hardening and vulnerability triage turn into a second job. Not the fun kind, either—the kind where you’re burning cycles on CVEs and rebuilds instead of shipping features.
The cloud-native angle here isn’t “yet another tool.” It’s the idea that a big chunk of security work should be handled before your workloads ever hit production. Think of it like this: instead of every team pulling base images and packages from wherever, then scrambling when a supply chain issue or dependency vulnerability lights up the scanner, you standardize on pre-hardened artifacts that are continuously patched and tested upstream.
That’s the thread Eilon keeps pulling: what happens when you treat the OS and container layer as something that can be managed more like an always-up-to-date, security-aware supply chain—without forcing developers to stop and become part-time vulnerability managers?
Eilon frames it as “autonomous infrastructure,” with AI/agent-driven workflows doing the unglamorous work: research a new vulnerability, figure out what’s real vs. noise, apply the fix, run the tests, and publish updated artifacts. The payoff is simple: platform teams get fewer emergency rebuilds, developers stay focused on product work, and security stops being a whack-a-mole exercise across hundreds of images.
The practical detail: adoption doesn’t require a huge rip-and-replace mindset. It’s closer to swapping what you pull into your CI/CD pipeline—using secure, maintained container images and packages as building blocks—so the baseline gets safer by default.
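One way to make that "swap what you pull" baseline stick is a CI gate that rejects Dockerfiles whose base images do not come from the standardized hardened source, or are not pinned by digest. The script below is an added example, not Echo's tooling or code from the episode; the registry name `hardened.example.internal` and the digest are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Hypothetical internal registry that serves pre-hardened, continuously patched images.
APPROVED_REGISTRIES = ("hardened.example.internal/",)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    line_no: int
    image: str
    reason: str


def check_dockerfile(text: str, approved=APPROVED_REGISTRIES) -> list[Finding]:
    """Return one Finding per policy violation found in the Dockerfile's FROM lines."""
    findings: list[Finding] = []
    stages: set[str] = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group("image"), m.group("alias")
        if alias:
            stages.add(alias.lower())
        # "FROM <stage>" reuses an earlier stage of this build and pulls nothing new;
        # "scratch" is an empty root filesystem with no packages to patch.
        if image.lower() in stages or image.lower() == "scratch":
            continue
        if not image.startswith(approved):
            findings.append(Finding(line_no, image, "base image not from an approved hardened registry"))
        if not DIGEST_RE.search(image):
            findings.append(Finding(line_no, image, "base image not pinned by sha256 digest"))
    return findings


# Constructed sample Dockerfile: line 1 pulls a public floating tag, line 4 uses the
# hardened registry but a mutable tag; only line 2 satisfies the policy.
DIGEST = "sha256:" + "ab" * 32  # placeholder digest, not a real image
SAMPLE_DOCKERFILE = f"""\
FROM python:3.12-slim
FROM hardened.example.internal/python:3.12@{DIGEST} AS build
FROM build
FROM hardened.example.internal/python:3.12
"""

if __name__ == "__main__":
    for f in check_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {f.line_no}: {f.image}: {f.reason}")
```

Run it as a pre-merge check over every Dockerfile in the repo; a non-empty result fails the job, so a drift back to ad hoc public base images is caught before the image is ever built.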
Cloud marketplaces and predictable pricing matter, but the real story is what this signals for cloud-native operations—security as an upstream, automated discipline, not a constant downstream fire drill.