Skip to main content

Posts

IBM Bob Gets Multi-Agent Muscle and a Cost Dashboard for Enterprise Coding

IBM has rolled out a significant update to Bob, its agentic software development platform, adding multi-agent coordination, built-in spend tracking, and three prebuilt workflows aimed at some of the toughest modernization jobs in enterprise IT: Mainframe COBOL, IBM i, and large Java codebases. The update lands as most engineering organizations are running into a problem nobody predicted a year ago: AI made writing code the easy part. A recent GitLab survey found that 85% of respondents agreed that AI has shifted the main bottleneck from writing code to reviewing and validating code. IBM cites that same data point in its announcement, and it’s clearly shaping how the company is positioning Bob’s next phase. Bob isn’t new. IBM introduced it earlier this year as its answer to tools like Claude Code and OpenAI’s Codex, and it made a splash at IBM’s Think 2026 conference, where it reportedly became one of the most talked-about releases on the show floor. Under...
Recent posts

GitHub’s Redesigned PR Inbox Tackles the Review Bottleneck AI Created

GitHub has made its overhauled pull requests dashboard generally available, giving developers and engineering managers a single view at github.com/pulls to track, prioritize, and act on the pull requests that need their attention. The dashboard moves out of public preview after a rollout that started in March 2026 and shifted to opt-out preview in April. The centerpiece is Inbox, a home base that <cite index=”1-1″>surfaces review requests, pull requests that need fixing due to CI failures or new comments, and pull requests that are ready to merge or sitting in the merge queue</cite>. Developers can reorder or hide sections to fit their own workflow, and filter by repository or recent activity to cut through the noise. Saved views are the other major piece. Instead of relying on browser bookmarks to jump back to a specific filter, developers can now <cite index=”1-1″>create, edit, and organize custom views based on their most-used search querie...

IBM and Red Hat Launch Lightwell Catalog to Automate Remediation

IBM and Red Hat this week revealed that Lightwell Network , a catalog of more than 6,500 application-layer dependencies that drives an automated vulnerability remediation service, is now generally available. At the same time, the Lightwell Clearinghouse Premier service, through which application development teams can both access validated patches and coordinate remediation efforts, is now available to a limited number of organizations. Ben Breard, a senior principal product manager at Red Hat, said collectively these two offerings will make it simpler for organizations to address 30 years of technical debt that is now being exposed by artificial intelligence (AI) models that make it possible to discover vulnerabilities and create exploits in a matter of hours. At the core of the Lightwell service is a remediation engine that software engineers are using to help identify, validate, and remediate vulnerabilities across critical dependencies embedded deep within modern software archit...

Why Your Best People Can’t Save a Broken Delivery System

When delivery falls apart, the reflex is to blame the team. Missed dates, quality slips, a burned-out squad — leadership tends to reach for a personnel fix and quietly move on. The uncomfortable pattern in most enterprise organizations is that the system itself is the failure mode. Decision latency, priority misalignment, and layers of governance that were designed for a slower era grind against the very people leaders keep asking to grind harder. Talented engineers cannot outrun a delivery pipeline that is structurally set up to stall. Marnus Marx, founder and Delivery Confidence Coach at Elanvia Consulting, joined Alan Shimel to unpack what that structural failure actually looks like from the inside. Marx came up through Unix and Linux systems before moving into DevOps and delivery coaching, which shapes how he diagnoses these breakdowns — as engineering problems in the socio-technical system, not character flaws in the humans stuck inside it. His frame of “delivery confidenc...

Why AI-Driven Devops is Exposing the Limits of Traditional Toolchains and What Comes Next for Engineering Teams in 2026

Modern software delivery has crossed a threshold where speed is no longer the differentiator, but a stress test for the entire engineering system. AI-assisted development has created a new baseline expectation where features, fixes and even architectural changes can be generated in minutes rather than days. This acceleration feels like progress, yet it exposes a structural weakness that has been building for years inside DevOps practices. Traditional DevOps was designed around human-paced iteration cycles. Code was written, reviewed, tested and deployed in relatively predictable sequences. AI changes this rhythm entirely by compressing multiple stages of development into a single generative step. A developer can now produce what looks like a complete service, including tests and infrastructure definitions, in one session. The pipeline is no longer dealing with incremental change, but with sudden bursts of high-volume transformation. This creates an operational paradox. Systems are f...

GitHub Copilot Bills Hit $800: Visual Studio’s June Update Adds Real-Time Usage Alerts and MCP Trust Checks

Microsoft’s June Stable Channel update for Visual Studio landed on two things developers have been asking for all year: A clearer view of what their Copilot habit actually costs, and a way to know whether an MCP server has quietly changed under the hood. Both features answer real pain points that surfaced in the past few months, not hypothetical ones. The Billing Shock That Started It All On June 1, GitHub moved every Copilot plan from premium request units to usage-based billing, calculated by token consumption rather than request count. Base plan prices didn’t change, but the way usage is metered did, and the shift meant users would be charged based on how many tokens they burn as they work, rather than a low flat rate per request. The reaction was loud. Some developers reported their monthly bills climbing from around $29 to nearly $750, and other reports of heavy agentic users have their costs surging from $39 to over $800 a month. Whether that’s a fair reflecti...

‘GitLost’ Flaw Lets Attackers Trick GitHub AI Agent Into Leaking Private Repos

A security flaw in GitHub’s months-old GitHub Agentic Workflows allows attackers to use an indirect prompt injection to trick the AI agent into grabbing information from a private repository and quietly posting it in a public repository belonging to the same organization. The vulnerability, dubbed “GitLost” by Noma Security researchers, is only the latest example for developers and security teams of the risks that come with AI agents and how vulnerable they are to deceptive tactics by threat actors that often – as in this case – don’t need coding skills, access, or stolen credentials to run such campaigns. This is different from a classic prompt injection, according to Sasi Levi, security research lead with Noma. Those earlier prompt injection examples were primarily about manipulating what an agent said, similar to jailbreaking a chatbot’s output. In contrast, GitLost is about manipulating what an agent does with its permissions. “The agent here isn’t just a chat window; it...