News and Tech Update

Hacktron revealed today it is developing a platform that leverages artificial intelligence (AI) to continuously test code for vulnerabilities. Fresh off raising $2.9 million in seed capital, Hacktron founder Zayne Zhang said the company’s platform will employ multiple AI models to test every pull request and code change to identify vulnerabilities that are actually exploitable. Once identified, the platform will also surface a recommendation to remediate that issue that could be shared with an AI coding tool. The overall goal is to dramatically reduce the number of false positives that DevOps teams waste time investigating, said Zhang. In effect, AI will significantly reduce the current level of burden DevSecOps teams today experience when trying to maintain application security, he added. The team behind Hacktron has years of expertise researching vulnerabilities. Most recently, Hacktron uncovered critical vulnerabilities in the widely used OAuth2 Proxy project, highlighting risks ...

OpenAI has moved deeper into enterprise cybersecurity with the launch of Daybreak, a platform that identifies software vulnerabilities, validates fixes, and speeds up patching workflows using AI models and its Codex Security system. Daybreak places OpenAI more directly in competition with Anthropic, whose Project Glasswing and Claude Mythos models also offer dual-use AI systems built for cybersecurity research and defensive operations. Rather than promoting Daybreak as a standalone security product, OpenAI designed it as an operational layer embedded inside software development and enterprise security workflows. The system combines GPT-5.5 models, Codex Security, and integrations with established security vendors to help customers analyze codebases, model attack paths, validate vulnerabilities, and provide remediation guidance. “Daybreak positions OpenAI as a control surface for application security, asserting itself above the AppSec agent layer incumbents are building. The tiered T...

Red Hat today revealed it is extending the reach of its Ansible Automation Platform for IT operations to artificial intelligence (AI) agents, in addition to making it simpler to build AI agents using existing application development tools. Announced at the Red Hat Summit conference, version 2.7 of the Ansible Automation Platform adds a technology preview of an orchestration engine for AI agents that are able to invoke capabilities via an integrated Model Context Protocol (MCP) server. Sathish Balakrishnan, vice president and general manager for Ansible at Red Hat, said these capabilities provide AI agents with a trusted execution layer through which they can automate IT operations. The overall goal is to make new and existing libraries of automation playbooks available to AI agents in a way that can be governed using a set of policies enforced via the Red Hat Ansible Automation Platform, he added. As part of that effort, the Red Hat Ansible Automation Platform can now serve as an ...

Site reliability engineering (SRE) promised a better way. Born at Google and evangelized by a generation of platform engineers, SRE offered organizations a disciplined, engineering-first path from firefighting chaos to measured, sustainable operations. However, years into the mainstream adoption of SRE, various organizations find themselves spending more on SRE tooling than ever, while their on-call engineers are still drowning at 2 a.m.   The pattern is consistent. Titles change. Dashboards multiply. AI-powered AIOps platforms get procured. Error budgets get defined in a spreadsheet and promptly forgotten. Six months later, the postmortems look identical to those from two years ago.   What’s going wrong? After surveying dozens of engineering organizations, five mistakes surface repeatedly, and they compound each other in ways that are hard to untangle once they’re entrenched.   Renaming your ops team ‘SRE’ without changing how work gets done is the organizat...

Waiting for a single annual pentest to secure your application is like locking your front door only once a year and hoping for the best. In an era where  133 new vulnerabilities  are reported every single day, relying on periodic snapshots leaves your organization exposed to evolving threats for months at a time.   This approach is no longer just risky; it is a significant financial liability. Data from the  IBM Systems Science Institute  highlights that fixing a bug in production costs 100 times more than catching it during the initial design phase. For modern teams, the ‘window of vulnerability’ between tests is where attackers find their greatest opportunities.   Transitioning to continuous security in DevSecOps is the only way to close this gap. By embedding automated validation into your CI/CD pipeline, you move from a reactive ‘checkbox’ mentality to a proactive, resilient posture. This guide explores how to move beyond one-time testing to build a defense that evolves as fast a...

Automation has been part of enterprise IT for many years, and in many environments, it has grown into an extensive network of interdependent workflows that keep routine operations running smoothly. Scripts provision accounts, automated workflows manage cloud resources, orchestration tools coordinate ITSM processes, and AI-driven tools help employees across the organization complete tasks more efficiently. On paper, this level of automation should allow the most experienced engineers to spend less time on routine operational work and more time on architecture, optimization, and long-term improvements. In practice, however, many teams experience the opposite. Even in highly automated environments, senior engineers are frequently pulled back into day-to-day operational tasks. They are asked to rerun failed jobs, correct permissions, verify provisioning results, or investigate why an automated workflow behaved differently than expected. Instead of focusing on higher-value work, they bec...