Last year our team examined agentic DevSecOps for secure-by-design architecture on our ReDuX blog. In this two part series, experts in our Defense portfolio are returning to their call to shift security decision making left. With renewed attention to the needs of the warfighter and the mission we address these new challenges and opportunities.

For agencies operating in an IL4 or IL5 environment integrating security into their modernization is an essential requirement of the mission. Modern environments must adhere to strict security standards, meet data sovereignty requirements, and enforce secure CI/CD pipelines all while operating within GovCloud.

In short, to effectively optimize DevOps outputs using AI, agencies must partner with organizations that have proven experience working with their highly-regulated environments. Moreover, when the modernized systems are well-architected, they directly operationalize secure-by-design principles. To achieve this state we use our ReDuX platform to observe to understand the legacy system, make informed decisions early and when relevant while building incrementally to adapt to changing mandates.

Shift-Left Security and the Speed of Relevance

In our original post, we noted, the earlier teams identify problems and security risks, the earlier they adapt and develop solutions. We call this Shift-Left Security and it greatly improves the speed of relevance for making critical architecture decisions that improve the overall security of the system.

Shift-Left Security is based on our integration of the Observe-Orient-Decide-Act (OODA) loop into our GoLean development methodology. With GoLean we observe process improvement opportunities earlier. After orienting to a new approach, we then decide on process improvements and act to implement it within our work. As a result of using this data-driven OODA loop process for over a decade our development methodology has been repeatedly appraised at CMMI Level 5

When incorporated into our ReDuX process we use OODA loops to not only continuously improve process but also to reduce risk. We do this by building a comprehensive blueprint of the legacy system so we can observe risks. Next we orient to plan our migration roadmap, then decide to mobilize agents and teams to complete our work and finally, act to incrementally modernize while reducing rework.

Reducing Risk with Legacy System Blueprinting

Using agentic AI in our ReDuX platform, blueprinting agents map the structure of legacy systems and identifies its relationship to external components. Our teams can then match legacy code to screen flows and end-points so that teams identify orphan or dead code before they begin migration planning.

Thus, using agentic-driven blueprinting we greatly accelerate the speed of relevance for making critical security decisions. We move the decisions about how to improve, optimize and reimagine the system earlier in the discovery phase which allows us to act and adapt sooner to emerging risks.

If you want to learn how we use system blueprinting to accelerate decisionmaking and build secure systems, schedule a live demo with our team. If you are headed to the AFCEA Belvoir Industry Days May 5-7, 2026, Let’s talk!

And stay tuned! In our next blog we will share how we use AI agents to build secure architecture as part of our DevSecOps practice.