News and Tech Update

AI-assisted low-code platforms like VibeCode are generating a lot of excitement. They let users describe applications in natural language and produce working code quickly. This speed is impressive, but it raises questions for DevOps teams responsible for stability, security, and reliability. DevOps has always focused on delivering software faster while keeping systems stable. Low-code and AI-assisted tools change how teams reach those goals. When non-developers create applications or workflows, DevOps practices must adapt to maintain quality and governance . Understanding the Landscape Low-code platforms provide visual interfaces and pre-built components, allowing technical and non-technical teams to build applications quickly. They often include ways to add custom logic and integrate with version control systems. VibeCode-style tools take this further by generating full source code from text prompts. They blur the line between code and no-code by producing deployable code automa...

When you ask an AI coding agent how to solve a problem, it reaches for code. That’s not just a preference – code is how software teams actually ship and we have an ecosystem of essential tools and management systems: Version control, reviews, tests in CI, deploys and rollbacks.   We’ve spent the last decade pushing more of our systems into code: Configuration, infrastructure, and of course, application logic. The payoff was control, reproducibility, audit trails, and the ability to prove a change works before it hits production.   The Dashboard Problem   But a lot of “AI tooling” – especially in security – still lives outside that world. When a problem depends on a third-party system, the agent often can’t complete the loop. It can recommend steps, but it can’t reliably apply them, verify them, or keep them correct over time. They’re outside of the context window that is your codebase (the source of truth).   Take spam signups. If...

The npm code repository is again being used by a bad actor to launch a supply chain attack that includes three dozen malicious packages that appear as Strapi CMS plugins but deliver a range of threats. Strapi is a popular open source headless Node.js content management system developers use to build, manage, and expose content through REST or GraphQL APIs while using a range of front-end frameworks, like React , Next.js, and Vue. Capabilities that make it attractive include a customizable administrator panel and flexibility in databases developers can use. According to researchers with cybersecurity vendor SafeDep, the 36 malicious packages were published using four npm accounts, with varying numbers of packages in each account. “Contrary to what you might expect from a package-spam campaign, the analyzed packages carry different payloads — eight distinct variants in total — revealing a real-time attack development session against a specific target,” researchers with cyb...

DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers. Of course, the pool of available DevOps talent is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others. The five job postings shared this week are selected based on the company looking to hire, the vertical industry segment and naturally, the pay scale being offered. We’re also committed to providing additional insights into the state of the DevOps job market. In the meantime, for your consideration. Indeed.com Amentum Hanover, MD Cloud Engineer $230,000 to $300,000 LinkedIn Galileo Brooklyn, NY Senior DevOps Engineer $200,000 to $240,000 The Job Network Sonatus Sunnyvale, CA DevOps Man...

Cybersecurity researchers from Bitdefender, a provider of an endpoint detection and response (EDR) platform, have discovered an extension to the Windsurf integrated development environment (IDE) that steals credentials and data after code is downloaded from the Solana blockchain platform. Silviu Stahie, a security analyst for Bitdefender, said the extension makes use of typosquatting tactics to make it appear as though it is a legitimate instance of REditorSupport, an extension that provides an IDE to developers that are building applications using the R programming language that is typically used to build statistical computing and data visualization applications. Windsurf, like most AI coding tools, is based on Visual Studio (VS) Code, an open source AI code editor. The issue that more DevSecOps teams need to be aware of is that fake extensions to tools based on VS Code are now being employed more widely to compromise software supply chains, said Stahie. In this instance, the ex...

A customer deploys AKS in a regulated environment, hits an issue during node bootstrapping, and wants to know exactly what happens when a node joins the cluster. The question sounds simple. The answer is spread across the AgentBaker source code, the cloud-provider-azure module, a Microsoft Learn article, three abstraction levels above what actually runs on the node, and the institutional knowledge of a teammate who may or may not be online. That’s the daily reality for Microsoft’s Global Black Belts — field engineers handling deep technical questions about Azure Kubernetes Service (AKS) and Azure Red Hat OpenShift (ARO). Two of them, Diego Casati and Ray Kao, built a system that does what they do: retrieve, correlate, verify, and write up the answer. They call it Project Nighthawk. What Nighthawk Does Nighthawk is a multi-agent research system built inside VS Code with GitHub Copilot. You type a command like /Nighthawk how does AKS implement KMS encryption with customer-managed k...