Trustworthy AI-enhanced DevSecOps framework: bridging XAI and RAG for interpretable anomaly detection and context-aware root cause analysis

Abstract

Modern software development faces many challenges in balancing rapid delivery with robust security, among them bugs, vulnerabilities and inefficiencies. The AI-based DevSecOps tools in use today are effective at detecting abnormalities and vulnerabilities, but they act as a black box that provides little to no transparency or context, which leaves the security team skeptical and makes it hard for them to trust the tools and act on their output. An AI-driven DevSecOps system that employs Explainable Artificial Intelligence (XAI), which offers insights into the choices made by the transformer model LogBert, is presented as a solution to this problem. The proposed framework also uses Retrieval-Augmented Generation (RAG), which dynamically retrieves contextual data (i.e., historical fixes, security protocols and optimization patterns). LogBert is trained to model normal system behaviour and detect anomalies, SHAP boosts interpretability, and RAG supplies historical context, which fosters developer trust and collaborative debugging and eliminates the doubt induced by the black-box dilemma. In this framework, security is actively strengthened through real-time vulnerability scanning, threat prediction and automated compliance checks. Moreover, an LLM is combined with SHAP to describe what the SHAP output means, making it more human-interpretable. The LLM is also applied to RAG, where it transforms the retrieved contextual information into simple human-readable text and proposes fixes. The proposed framework not only improves performance but also provides a clear path for using AI in a way that is both sustainable and transparent within the DevSecOps test phase.

Description

Cataloged from PDF version of thesis.
Includes bibliographical references (pages 77-78).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2026.

Type

Thesis