Arcjet

The concept of DevSecOps aimed to integrate security throughout the development lifecycle, but it hasn't worked out as planned. The clash between development speed and security needs remains an issue. The future might resemble the rise of Site Reliability Engineering (SRE), where dedicated security teams build tools and provide guidance, allowing developers to handle application-specific security details. This approach mirrors platform engineering with a security focus.

Whatever happened to DevSecOps?

I see a lot of the policy as code and security tools in the dev supply chain as a part of the answer here as well.
Creating automatic compliance frameworks helps at least establish the baseline so that more specialized Red/Blue/Purple teams can focus on finding the novel issues and solutions for security.

personally i saw the forthcoming of this issue