AI features are landing in .NET apps fast — frontends calling Microsoft Foundry models, Azure Functions exposing MCP tools to agents, pipelines deploying it all to production. Each new surface is a new attack surface. Prompt injection, tool abuse, AI-generated code, IaC drift, and supply chain risk all require answers before the app ships.

This session is a practical walk-through of DevSecOps for AI-enabled .NET applications. We cover what shift-left really means when models and tools are in the loop, the new threat model posed by prompt injection and MCP tool abuse, and how to organize security controls across the lifecycle — plan, code, build, test, deploy, operate. We map each stage to the concrete tools that fit Azure and .NET today: GitHub Advanced Security, Microsoft Security DevOps and Defender for Cloud, CodeQL, Trivy, Checkov, OWASP ZAP, plus the AI and MCP tooling that helps teams shift-left together — Copilot Autofix, Azure Functions Skills, the Foundry IQ MCP server, and Microsoft Security Copilot.

One focused live demo anchors together the theory: a pull request lands with deliberately planted security issues, we watch the CI/CD pipeline catch them, see AI propose a fix, and ship the patched build without downtime. The rest of the session is on the why — the methodology, the threat model, the patterns for developer/security/platform collaboration, and the trade-offs of each tool you'd choose.

You'll leave with a clear mental model of DevSecOps for AI apps in .NET, a concrete tools landscape, and a reference architecture and pipeline you can take back to your own codebase.