When teams move from deciding on their migration strategy to mobilizing to act, agentic AI can be used to enforce secure-by-design practices and policies. Welcome back to the second in our two-part series on using agentic AI for DevSecOps to drive secure-by-design architecture. (If you missed part one, check out our previous post, The Speed of Relevance: Laying the Foundation for Strong DevSecOps Practices.)

Infrastructure as Code Delivers Automated Compliance Enforcement

Secure-by-design principles are enabled through both infrastructure as code and robust security testing practices. First, deployments via infrastructure-as-code (IaC) produce consistent, repeatable, and hardened environments, reducing misconfigurations. This addresses a common security weakness. Additionally, these pipelines generate detailed logs and audit trails.

Furthermore, pipelines can embed policy-as-code and compliance-as-code frameworks, continuously validating that builds align with standards like NIST, CMMC, STIG, RMF, or agency-specific security baselines. Teams can also build custom workflows and templates that ensure their DevSecOps agents work consistently, following their internal guidelines and processes.

There are many examples of how teams can use preconfigured DevSecOps templates and workflows to enhance their security:

  • Pipeline templates that enforce secure configurations by default (e.g., encryption turned on, least privilege IAM roles, logging enabled) across every environment.
  • Workflows that eliminate hardcoded credentials by integrating with vaults and key management services, ensuring sensitive data is injected securely at runtime.
  • Automated pipelines that support rolling updates and security patching, making it easier to quickly remediate vulnerabilities without manual intervention.

Automated Security Testing Provides Guardrails

The other component is security testing. Using ReDuX AI agents in combination with other automation tools, DevSecOps teams use security testing (static code analysis, dependency scanning, secret detection) early in the pipeline, ensuring vulnerabilities are caught before deployment.

Moreover, for every task performed by any ReDuX agent, output can be verified and corrected by a human team member. The self-learning agents improve their process, further improving efficiency gains. And because, in enterprise implementations of ReDuX, agents share skill improvements across the digital workforce, all agents improve when one agent improves. This process further enhances security beyond what is available with simply co-pilot tools or AI agents used for a single step of the process.

Ultimately, by using both OODA loops, as described in our first post, and automated compliance, teams can use AI for end enforcement of DevSecOps best practices. In addition, one of the most important ways DevSecOps supports security best practices is that it fosters a culture of continuous improvement and collaboration, particularly between developers, security, and operations. At its core, DevSecOps best practices shift important security decisions to the left, moving them earlier in the process so that the tools used by modernization teams have the greatest impact at reducing risk.

If you want to see how your team can accelerate decision making and modernize with secure-by-design architecture, schedule a live demonstration with our team. And if you are headed to the AFCEA Belvoir Industry Days May 5-7, 2026, let’s talk!

Last year our team examined agentic DevSecOps for secure-by-design architecture on our ReDuX blog. In this two-part series, experts in our Defense portfolio are returning to their call to shift security decision making left. With renewed attention to the needs of the warfighter and the mission, we address these new challenges and opportunities.

For agencies operating in an IL4 or IL5 environment, integrating security into their modernization is an essential requirement of the mission. Modern environments must adhere to strict security standards, meet data sovereignty requirements, and enforce secure CI/CD pipelines, all while operating within GovCloud.

In short, to effectively optimize DevOps outputs using AI, agencies must partner with organizations that have proven experience working with their highly regulated environments. Moreover, when the modernized systems are well-architected, they directly operationalize secure-by-design principles. To achieve this state, we use our ReDuX platform to observe and understand the legacy system and to make informed decisions early and when relevant, while building incrementally to adapt to changing mandates.

Shift-Left Security and the Speed of Relevance

In our original post, we noted that the earlier teams identify problems and security risks, the earlier they adapt and develop solutions. We call this Shift-Left Security, and it greatly improves the speed of relevance for making critical architecture decisions that improve the overall security of the system.

Shift-Left Security is based on our integration of the Observe-Orient-Decide-Act (OODA) loop into our GoLean development methodology. With GoLean we observe process improvement opportunities earlier. After orienting to a new approach, we then decide on process improvements and act to implement them within our work. As a result of using this data-driven OODA loop process for over a decade, our development methodology has been repeatedly appraised at CMMI Level 5.

When incorporated into our ReDuX process, we use OODA loops not only to continuously improve process but also to reduce risk. We do this by building a comprehensive blueprint of the legacy system so we can observe risks. Next, we orient to plan our migration roadmap, then decide to mobilize agents and teams to complete our work, and finally act to incrementally modernize while reducing rework.

Reducing Risk with Legacy System Blueprinting

Using agentic AI in our ReDuX platform, blueprinting agents map the structure of legacy systems and identify their relationship to external components. Our teams can then match legacy code to screen flows and end-points so that teams identify orphan or dead code before they begin migration planning.

Thus, using agentic-driven blueprinting, we greatly accelerate the speed of relevance for making critical security decisions. We move the decisions about how to improve, optimize, and reimagine the system earlier in the discovery phase, which allows us to act and adapt sooner to emerging risks.

If you want to learn how we use system blueprinting to accelerate decision making and build secure systems, schedule a live demo with our team. If you are headed to the AFCEA Belvoir Industry Days May 5-7, 2026, let’s talk!

And stay tuned! In our next blog we will share how we use AI agents to build secure architecture as part of our DevSecOps practice.

HERNDON, VA., OCTOBER 27, 2025 – Karsun Solutions, a leading technology modernization firm, announced that its ReDuX platform has achieved “Awardable” status through the Chief Digital and Artificial Intelligence Office’s (CDAO) Tradewinds Solutions Marketplace.

The Tradewinds Solutions Marketplace is the premier offering of Tradewinds, the Department of War’s (DoW’s) suite of tools and services designed to accelerate the procurement and adoption of Artificial Intelligence (AI)/Machine Learning (ML), data, and analytics capabilities.

Karsun’s ReDuX platform accelerates the modernization of mainframe and other legacy system applications using agentic AI. The company’s modern software development, cloud, data, and AI/ML solutions are used by government agencies and enterprise organizations. In addition to mainframe modernization it offers specialized expertise in acquisition, aviation, grants management, and fleet management systems modernization.

“We are excited to join this premier marketplace for procuring AI/ML, data, and analytics solutions,” said Sundar Vaidyanathan, CEO of Karsun Solutions. “We look forward to addressing the DoW’s most significant modernization challenges.”

Karsun Solutions’ video, “ReDuX – AI Accelerated Modernization,” accessible only by government customers on the Tradewinds Solutions Marketplace, presents an actual use case in which the company demonstrates the accelerated modernization of a mainframe application from discovery to delivery. Karsun Solutions was recognized among a competitive field of applicants to the Tradewinds Solutions Marketplace whose solutions demonstrated innovation, scalability, and potential impact on DoW missions. Government customers interested in viewing the video solution can create a Tradewinds Solutions Marketplace account at tradewindAI.com.

About Karsun Solutions

Karsun Solutions modernizes legacy systems enabling government agencies and enterprise organizations to elevate mission capability. IT solutions from Karsun are tailored to meet mission-driven organizations’ unique needs and optimize operations. These solutions adapt and stay relevant to current trends while using secure, digital architecture built to last. It is a proven modernization partner whose expertise ensures every next opportunity is within reach. Learn more at Karsun-LLC.com.

About ReDuX

The ReDuX AI-powered platform expedites the modernization of mainframe and other legacy system applications. Key tools in the platform include its blueprinting agents, which provide deep insights into system structure and behavior, and its transformation agents, which use the outputs from the blueprinting agents to generate code and facilitate incremental migration. These agents also bring enhanced security and privacy, offer project-specific usability by interfacing with various systems, overcome hallucinations noted in large language models (LLMs), and provide proven prompt templates to save developers time and effort. Get started at GoReDuX.ai.

For more information or media requests, contact the Karsun Marketing Team at marketing@karsun-llc.com.

About the Tradewinds Solutions Marketplace

The Tradewinds Solutions Marketplace is a digital repository of post-competition, readily awardable pitch videos that address the Department of War’s (DoW’s) most significant challenges in the Artificial Intelligence/Machine Learning (AI/ML), data, and analytics space. All awardable solutions have been assessed through complex scoring rubrics and competitive procedures and are available to Government customers with a Marketplace account. Government customers can create an account at www.tradewindai.com. Tradewinds is housed in the DoW’s Chief Digital and Artificial Intelligence Office.

For more information or media requests, contact: Success@tradewindai.com

Update: Karsun Solutions’ Navy SeaPort-e Contract (#N00178-14-D-735) was awarded November 19, 2013. Its period for performance ran through April 4, 2019.

In November 2013, the Karsun Solutions team was awarded a SeaPort-e IDIQ contract with the U.S. Navy to provide professional support services in multiple functional areas including Engineering and Program Management. SeaPort-e is the Navy’s electronic platform for acquiring support services in 22 functional areas including Engineering, Financial Management, and Program Management.

The Navy Systems Commands (NAVSEA, NAVAIR, SPAWAR, NAVFAC, and NAVSUP), the Office of Naval Research, the U.S. Marine Corps, and the Defense Threat Reduction Agency (DTRA) compete their service requirements amongst 1800+ SeaPort-e IDIQ multiple award contract holders. The SeaPort-e portal provides a standardized, efficient means of soliciting offers from amongst the diverse population of large and small businesses and their approved team members.

All task orders are competitively solicited, awarded, and managed using the SeaPort-e platform. Since nearly 85% of its contract holders are small businesses, the SeaPort-e approach to acquiring services supports the companies fueling the Nation’s job growth engine.

About Karsun Solutions

Karsun Solutions is a fast-growing, innovative enterprise modernization firm. Recently awarded Best Company Culture by Comparably.com, its teams deliver modern software development, cloud, and data solutions to customers at government agencies including the Department of Homeland Security, Federal Aviation Administration and General Services Administration. Leveraging GoLean, Karsun teams drive digital transformation and help its government customers Do Extraordinary. Learn more at Karsun-LLC.com.