Autonomous Security Testing and Vulnerability Prediction in Cloud-Native DevSecOps Using AI

Cloud-native development and CI/CD have accelerated software delivery but expanded the attack surface. Integrating autonomous security testing and predictive vulnerability analytics into DevSecOps workflows promises to shift security left while reducing alert noise and manual triage. This review synthesizes recent work on AI-driven security testing (SAST/DAST/IAST/IaC), machine learning models for vulnerability prediction and prioritization, evaluation of benchmarks and datasets, and practical challenges for production adoption. We identify limitations in datasets and evaluation practices, discuss responsible deployment (explainability, privacy, false positive risk), and propose a research roadmap for robust, context-aware, and auditable autonomous DevSecOps systems.