News and Tech Update

GitHub is resuming enforcement of minimum version requirements for GitHub Actions self-hosted runners — and this time, the deadlines are firm. After a rocky start that included multiple delays and a temporary pause earlier this year, GitHub has published a clear enforcement timeline for both GitHub Enterprise Cloud and GitHub Enterprise Cloud with Data Residency. If your team runs self-hosted runners and hasn’t upgraded them yet, now is the time to act. Why This Is Happening In early 2024, the GitHub Actions team began rearchitecting the backend services that power job execution and runner communication. That foundational rebuild now handles over 120 million jobs per day — more than three times the pre-migration volume — and lets enterprises start seven times more jobs per minute than before. Version enforcement is the final step in completing that migration. Older runner versions that are incompatible with the updated infrastructure can no longer be supported as all runners m...

Checkmarx this week revealed it has re-engineered the core engines embedded within its static application security testing (SAST) tools for the agentic artificial intelligence (AI) era. At the core of that effort is a next-generation SAST hybrid scanning engine that combines three distinct capabilities within the Checkmarx One platform. An existing deterministic rules-based foundation is now being extended using a purpose-built large language model (LLM) and a Finding Analysis Engine (FAE) that suppresses false positives. Frank Emery, director of product management for Checkmarx, said the SAST tools embedded in the Checkmarx One platform, as a result, now combine existing deterministic results for specific programming languages with the probabilistic insight generated by large language models (LLMs) that have been shown to be effective at discovering vulnerabilities. The challenge is that LLMs tend to generate a lot of false positives, which can now be sharply reduced using the FAE,...

Fresh off a historic initial public offering, SpaceX announced Tuesday that it has entered a definitive agreement to acquire Anysphere Inc., the parent company of the popular artificial intelligence (AI) coding assistant Cursor, in an all-stock transaction valued at $60 billion. The acquisition cements SpaceX’s sudden transformation into an AI powerhouse, following its merger with Elon Musk’s xAI venture in February. The deal is expected to close in the third quarter of 2026, subject to regulatory approvals. Under the agreement, Cursor common and preferred stock will convert into SpaceX Class A common stock. The exchange ratio will be determined by the volume-weighted average closing price of SpaceX stock over the seven trading days prior to closing. Neither SpaceX nor Cursor immediately responded to requests for comment. The transaction materializes an option SpaceX unveiled in April, which gave the aerospace-and-AI giant the choice to either buy the San Francisco-based start...

Terminal-based coding assistants for AI-curious developers are hot these days, and the most popular choice appears to be Claude Code . But Anthropic’s commercial offering has a new open source rival: MiMo Code , released under an MIT license by Chinese smartphone giant Xiaomi.  Unlike Claude Code, MiMo Code is not restricted to a specific LLM provider. It was also optimized for “long-horizon automated programming tasks,” according to the introductory blog entry . The software aims to “maintain decision quality and state continuity over dozens or even hundreds of execution steps.” The AI community has taken notice of this release. Since its v0.1 release last week, MiMo Code has garnered 9,000 stars on GitHub , and has been forked 783 times.  And unlike Claude Code, which costs $20 a month to start, MiMo is free, and may not even require connecting to a cloud provider, if the user installs a model on their own machine. Tackling Long Horizon Memory Retention  Large Language Models (...

AI coding agents can create a new code execution risk when they treat externally influenced error data as trusted guidance and have access to command line tools, according to new research from Tenet Security. The security company demonstrated an indirect prompt injection technique it calls “Agentjacking” in a recent report . In its proof of concept, an attacker planted malicious instructions inside a fake Sentry error report, causing an AI coding agent to execute an attacker-supplied command during a routine debugging task. The attack began with a Sentry Data Source Name (DSN), a credential commonly embedded in a website’s frontend JavaScript. Sentry treats DSNs as public and write-only because they allow applications to submit events without granting access to the project or its existing data. But an attacker who obtains the DSN can use it to send a false error event to the project’s ingest endpoint and control fields, including the error message, stack trace, tags, context and brea...

New Relic has made available an open source extension to its observability platform for coding tools at no additional cost. Nic Benders, chief technical strategist for New Relic, said the New Relic AI Coding Observability capability will make it simpler for DevOps teams to centrally monitor usage of a diverse range of artificial intelligence (AI) coding tools, including the cost of the tokens consumed, using the same platform they already have to observe IT operations. Regardless of the type of AI coding tool employed, New Relic AI Coding Observability normalizes the data collected, he added. That capability makes it possible for organizations to employ multiple AI coding tools as they best see fit, or swap one out for another as additional advances are made, noted Benders. The arrival of New Relic AI Coding Observability coincides with the sharing of a survey of 200 technology decision makers in the U.S. that finds a full 94% rate code generated by AI as being of a higher qualit...