# Runtime Security Runtime Security is the **last line of defense and continuous feedback loop** in OpsMx Delivery Shield's Code-to-Cloud model. While earlier stages like SAST, SCA, and DAST aim to prevent vulnerabilities from reaching production, Runtime Security operates on the assumption that some risks will inevitably pass through — and ensures they are **detected and mitigated in real time** before they cause damage. Modern cloud-native systems are highly dynamic — with frequent deployments, auto-scaling workloads, and complex microservice interactions. This makes it impossible to rely solely on pre-deployment controls. Runtime Security fills this gap by continuously monitoring system behavior, detecting deviations from established baselines, and feeding insights back into earlier pipeline stages to prevent recurrence. {% hint style="info" %} Runtime Security in OpsMx is not passive monitoring — it is active, continuous, and connected. Findings from runtime feed directly back into code, build, and deployment controls — creating a true closed-loop security posture. {% endhint %} ## Why Runtime Security Is Used in OpsMx OpsMx uses Runtime Security in Delivery Shield to: * **Detect threats that pre-deployment scanning cannot catch** — insider threats, zero-days, and runtime exploits that circumvent earlier controls * **Continuously validate production workloads** — ensuring the security posture of running systems does not degrade between deployments * **Create a feedback loop** — runtime anomalies inform and strengthen earlier-stage controls (code, build, deployment) * **Enable faster incident response** — real-time detection reduces mean time to detect (MTTD) and mean time to respond (MTTR) * **Protect AI systems in production** — extending runtime security to LLMs, agents, and AI-driven workloads --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.opsmx.com/code-to-cloud-security-and-scanners/runtime-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.