Lakshan Weerasinghe

Lakshan Weerasinghe Daily tech news, practical tips, and clear insights into modern technology

17/02/2026

The 2025 Cloud Security Reality Check: Critical Insights Every Leader Needs

Are we winning the war on cloud security? New data suggests the battleground is shifting faster than defenses can keep up.

Cloud adoption has ceased to be a "strategy"; it is now the standard. However, as organizations race to scale, security often trails behind. I recently reviewed SentinelOne’s latest 2025 Cloud Security resources, and the findings are a wake-up call for CISOs, DevOps engineers, and security architects alike.

Drawing from the 2025 Cloud Security Survey Report and the 2025 Cloud Verified Exploit Paths and Secrets Scanning Threat Report, here is a breakdown of why the threat landscape has changed and what you need to do about it.

1. The Visibility Gap is Still Widening

According to the survey, which gathered insights from over 400 security professionals, the fundamental struggles remain surprisingly consistent. Despite the abundance of tools available, organizations are still battling the "Big Three" of cloud chaos:

Misconfigurations: The leading cause of breaches.

Poor Visibility: You can’t protect what you can’t see.

Fragmented Defenses: Siloed tools create blind spots.

Perhaps most concerning is that the Public Cloud is now viewed by many leaders as the riskiest environment in their infrastructure. As complexity grows, the confidence in securing these environments seems to be wavering.

2. The "Secrets" Aren't So Secret

Theoretical risks are one thing; real-world data is another. SentinelOne’s threat report analyzed thousands of customer environments and uncovered a staggering statistic: 100,000+ exposed secrets.

We are talking about:

API Keys left in open repositories.

Hardcoded credentials buried in container images.

Default access tokens that were never rotated.

Attackers are no longer just looking for software vulnerabilities (CVEs); they are hunting for these keys. The report highlights how attackers utilize Verified Exploit Paths: specific, proven routes to breach cloud workloads using these exposed secrets.

3. The New Wave of Threats: AI and Shadow IT

The threat landscape isn't static. The 2025 outlook identifies several accelerating vectors that are keeping security teams up at night:

Shadow Deployments: Infrastructure spun up without IT oversight, leaving it unpatched and unmonitored.

Hardcoded Secrets in Containers: Developers prioritizing speed over security, baking keys directly into code.

AI Tool Leaks: As teams rush to adopt AI tools, sensitive corporate data is increasingly being fed into public models or exposed via insecure AI integrations.

4. Moving Beyond "Theoretical" Security

The traditional approach of scanning for every single CVE produces too much noise. Security teams are drowning in alerts for vulnerabilities that aren't actually reachable or exploitable in their specific environment.

This is where SentinelOne’s Singularity Cloud Native Security (CNAPP) distinguishes itself.

Instead of flagging everything, it focuses on context.

Agentless Scanning: Rapid visibility without the friction of deploying agents everywhere.

Offensive Security Engine: It thinks like an attacker.

Autonomous Prioritization: It differentiates between a "theoretical" risk and an actual exploitable path.

By focusing on what can actually be exploited, teams can stop chasing ghosts and start fixing real holes.

The Bottom Line
If you are responsible for cloud security, hoping for the best is not a strategy. The 2025 reports from SentinelOne are essential reading to understand the specific mechanics of modern breaches.

11/02/2026

Just saw this interesting report from Anthropic about their latest AI model, Claude Opus 4.6. They did a deep dive into "sabotage risks" (like whether it could secretly mess things up or help with really bad stuff). Overall, they say the risk is very low (but not zero), and there are some concerning bits in tests, like small help with dangerous things when pushed hard.

Crazy how fast AI is moving and how seriously they're taking safety now. What do you guys think? Worth reading if you're into AI stuff.

Link in comments 👇

09/02/2026

Free Cloud Service to Back Up Your Data 😍

09/02/2026

AI is the #1 Security Threat for US Banks & Financial Firms in 2025

Did you know?

59% of financial services leaders say the fast-moving AI ecosystem is their TOP security concern right now, even higher than data breaches or ransomware.

Key stats from the brand-new 2025 Thales Data Threat Report (Financial Services Edition):

👉57% worried about AI model & data integrity
👉Only 15% of organizations encrypt 80%+ of their sensitive cloud data
👉SaaS apps jumped 27% to 107 on average: more doors for attackers
👉Quantum computing threats? 57% already fear future encryption breaks

US banks, insurers, and fintechs are adopting AI faster than anyone… but are we ready for the risks?

Download the full report for free and see how to protect your data in the AI + Quantum era (Link in Comment)

What’s your biggest worry? GenAI risks or quantum threats? Drop a comment below.

07/02/2026

The dream of “autonomous coding” is closer than ever, but as any seasoned engineer knows, the devil is in the deployment.

Recently, I decided to put some of the most advanced AI tools to the test: Antigravity Pro (using Claude 4.5 Thinking/Opus) and Gemini 3 Pro. I wanted to see if an AI agent could navigate a complex, real-world SaaS environment without handholding.

The results were impressive, chaotic, and a massive wake-up call for the future of our profession.

The Setup: A Multi-Headed SaaS Beast
The project wasn’t a simple “To-Do” app. It’s a complex SaaS ecosystem featuring:

One Backend powering five different Frontend systems (Project, Compliance, Finance Management, etc.).
AWS CDK Infrastructure: Meaning the backend cannot be run locally; it must be deployed to the cloud for testing.
Strict Workflows: Technical docs must be approved by Seniors, PMs, and DevOps before a single line of code is written.

I gave the AI a User Story for a large feature in the Compliance Management module and a very detailed prompt. However, I intentionally withheld four “human” insights about our specific environment:

The inability to test locally.
Deployment is only allowed from the dev-temp branch.
The Service Stack file was at its limit (needing a new stack).
A “Double-Deploy” requirement to prevent CORS issues with AWS Cognito.

The Good: Coding Standards and UI Precision
The AI started strong. It analyzed the database schema, updated the scripts, and built the backend following our existing patterns (Dependency Injection, RESTful APIs, etc.).

When it moved to the frontend, I was genuinely impressed. Using only Figma screenshots, it built a beautiful, responsive UI that matched our design system perfectly. It refactored mock data into real API calls using Axios without breaking a sweat. 48 files were modified or created, and the code quality was top tier.

The Bad: When the “Agent” Lost the Plot

The friction started during the deployment phase. This is where the difference between a coder and an engineer became clear:

Branch Blindness: It tried to deploy from my local dev-lakshan branch. After five minutes of "thinking" through errors, it correctly identified that it needed to switch to dev-temp.
The Resource Limit: It hit the AWS Service Stack limit. To its credit, it eventually figured out it needed to create a new stack.

The CORS Nightmare: Because it didn’t know about the “double-deploy” rule for Cognito, it hit CORS errors during testing. Instead of questioning the infrastructure, the AI went down a rabbit hole altering pre-configuration files and trying to “bypass” AWS security.
The Warning Sign: If I had blindly approved those AWS changes, the entire project infrastructure would have been compromised. The AI began “hallucinating” infrastructure fixes that were actually destructive.

The “Human” Fix

I eventually had to intervene. I updated the prompt: “Once everything is complete, deploy the backend twice.” Suddenly, everything worked. Even the Pull Request (PR) process needed a human touch; the AI initially tried to merge dev-temp directly into the main/dev branch instead of returning to the feature branch first.

Key Takeaways for the AI Era

UI is AI’s Strong Suit: Frontend development and design-to-code translations are becoming incredibly efficient.
Infrastructure is the Final Frontier: AI still struggles with “tribal knowledge”: those specific quirks of a company’s AWS/DevOps setup that aren’t written in the documentation.

The “Senior” Filter: You cannot give these tools to someone who doesn’t understand the foundation. An inexperienced dev would have pushed the “CORS bypass” and broken the production environment.

Final Thoughts: Will SE Jobs Vanish?
No, but they are changing. The “Coder” who just translates requirements to syntax is at risk. However, the Software Engineer, the one with the Basic + Foundation + Skills + Experience, will become a “Pilot.”

AI will do the heavy lifting, but we are the ones who know when the plane is flying into a storm. To survive the AI wave, don’t just learn to code; learn how the whole machine works.

09/01/2026

This is an absolutely valuable tool 😍

Especially for interns or someone who has just joined a team, understanding a large code repository can take quite a bit of time. Usually, a senior developer or another team member has to spend time giving KT (knowledge transfer), which can be tiring and inefficient.

This new tool introduced by Google solves that problem. You simply provide the repository URL, and it automatically generates visual and well-structured documentation, including:

Architecture overview

API references

Class explanations

Function descriptions

In other words, it creates Architecture Diagrams, Class Diagrams, and Sequence Diagrams for you.

The most important part is that whenever the repository gets updated (for example, when a PR is merged), the documentation is automatically updated as well. This completely eliminates the issue of outdated documentation.

We’ve all experienced this when joining a new job: sometimes the provided docs are old, while the code has already changed. That makes understanding the system really difficult.
This tool directly solves that problem.

On top of that, if there’s any confusing part in the codebase, you can open the built-in chat option and ask questions. It will explain those unclear sections in a simple and understandable way.

Currently, this tool is released as a public preview and works only with public repositories. Support for private repositories is marked as coming soon on the website.

Give it a try and see for yourself.





04/09/2025

India’s IT job market, valued at USD 283 billion, saw new hiring drop by 10% between July and August 2025.

By the end of August, legacy technology job opportunities had fallen to 43,000, a 9% decline compared to July, and a 24% decline compared to September 2024.

Top Indian IT companies like TCS and Infosys hired only around 3,800 people over the past three months, marking a massive 72% drop compared to the March quarter.

These leading IT firms have stated that they have completely stopped hiring for legacy tech stacks and are instead planning to increase recruitment in AI, Cybersecurity, Cloud, DevOps, and Data Engineering. Hiring for Software Engineering roles has been restricted, with no new recruitment for outdated tech stacks at all.

The decline is mainly driven by four key factors:

1. Rising costs due to new taxes imposed by Trump
2. Reduced client spending capacity
3. Fewer projects as a result of AI disruption
4. Revenue decline for companies in the June quarter

(Due to these factors, top firms have already cut 12,000 mid- and senior-level jobs.)

Warnings suggest that hiring may continue to decline in the coming months.

According to Neeti Sharma from Teamlease, while demand for roles in AI, Cloud, and Cybersecurity is growing, finding professionals with the right expertise and specialized skills has become increasingly difficult.

Take this as a reminder: traditional methods and tech stacks are no longer relevant. You must position yourself as someone with unique talent, if you want to stay ahead.

04/09/2025

Two days ago, Cloudflare faced the largest and most severe DDoS attack recorded in history. This surpasses the previous record of a 7.3 Tbps attack reported in May.

The attack that occurred two days ago was about 60% larger, peaking at 11.5 Tbps. Lasting for only about 35 seconds, it shook the cybersecurity world.

This was a UDP flood attack, which consumes excessive bandwidth by sending large volumes of User Datagram Protocol (UDP) traffic at the target. UDP is connectionless, so the traffic can be sent without first establishing a connection.

Initially, Cloudflare stated that the attack originated from Google Cloud, but later corrected the statement, clarifying that it came from Cloud Solution providers for IoT devices. The targeted hosting provider has not yet been disclosed.

Thanks to Cloudflare’s highly secure automated AI-based defense system, the attack was detected within seconds and successfully mitigated using rate limiting and IP-based filtering.

The attack was carried out using botnets through pay-as-you-go cloud platforms.

With the advancement of 5G technology and AI, cybersecurity specialists warn that attacks as large as 20 Tbps may occur in the future.

According to Cloudflare’s CTO, human intervention is impractical in defending against such massive attacks, and it is crucial to rely on automated AI-powered DDoS protection systems.

For countries like Sri Lanka, where cybersecurity is extremely weak, organizations must reconsider their security strategies to protect both their institutions and customer data.

03/09/2025

Kiro AI is a modern Agentic Integrated Development Environment (IDE) launched by Amazon Web Services (AWS) on July 14, 2025, designed to assist in software development using AI intelligence. It follows a "spec-driven development" approach, starting from proposals and guiding through to production-ready solutions. The key features of Kiro AI include:

Spec-Driven Development

When you provide a high-level proposal (e.g., "Add a review system"), Kiro converts it into detailed requirements, technical designs, and task lists using the EARS (Easy Approach to Requirements Syntax) method, incorporating user stories and critical conditions.

Agent Hooks

AI agents automatically trigger actions when you save, create, or delete files, such as updating test files, documentation, or performing security checks.

Agentic Chat

It understands your project's context and supports goal-oriented development through natural language conversations.

Steering Files

You can define your project's patterns, technical decisions, and naming conventions via Markdown files in the .kiro/steering/ directory, allowing the AI to follow your specific instructions.

Model Context Protocol (MCP)

Allows adding custom models to your project, which can be used for specific tasks like security or efficiency.

Kiro AI operates on Claude Sonnet 4.0 and 3.7 models, with plans to integrate additional models in the future. It is built on Code OSS (the open-source version of Visual Studio Code) as an intelligent IDE.

As of now (since July 14, 2025), it is in public preview and available for free. Future plans include free (50 agent actions), Pro ($19/month, 1000 agents), and Pro+ ($39/month, 3000 agents) tiers.

Kiro AI is a standalone application compatible with Windows, macOS, and Linux. It can be accessed by signing in with Google, GitHub, AWS Builder ID, or AWS SSO, and an AWS account is not mandatory.

23/12/2024

🌟 Revolutionizing Productivity with AI! 🌟

🚀 Google has unveiled Gemini AI in Google Docs and Sheets, introducing the powerful "Help Me Create" feature! This AI-powered assistant is here to simplify your work and boost creativity.

📄 Whether you're crafting Proposals, Brainstorming Documents, Campaign Briefs, or even planning your next Vacation Itinerary, Gemini AI has got you covered!

💡 Say goodbye to writer's block and hello to effortless content creation. Ready to transform the way you work? 🌐

👉 Follow Tech With Laka for more tech updates and insights!
