News and Tech Update

A deployment goes out late at night. Everything seems fine at first. The dashboards are green, there are no alerts, and the release looks clean. A few hours later, the latency starts to increase. Nothing is critical. No alerts go off. By the time users notice, the system is already stressed. In a typical case, someone gets paged, checks the logs, reviews recent changes, and the team starts to connect the dots manually. It works, but it is slow and reactive. Now think of a different setup. The same pattern starts. Instead of waiting for things to break, an AI agent notices something is off. It connects it with a deployment, finds a likely cause, and takes action before users feel the impact. This is where modern DevOps is headed. With the rise of tools like Claude agents, the conversation is shifting from automation to autonomy. The question is no longer if AI can help DevOps. The question is whether it can take over a lot of it.   From Defined Pipelines to Adaptive Systems ...

The XZ Utils backdoor was a wake-up call, but the underlying problem it exposed has not gone away. Sophisticated adversaries are playing the long game, spending months or years earning trust within open source projects before introducing malicious code into libraries that sit at the foundation of modern software infrastructure. Mike Vizard and Josh Bressers, VP of security at Anchore, dig into why the software supply chain remains dangerously vulnerable and what the industry is getting wrong in its response. Bressers points out that the vast majority of open source projects are maintained by a single person or a very small group of volunteers. These maintainers are often overworked and under-resourced, managing critical dependencies that thousands of organizations rely on in production. When an attacker targets one of these projects, the maintainer is the entire security perimeter. No amount of scanning or compliance tooling downstream can fully compensate for a compromise that h...

Software runs, but sometimes it doesn’t… and that’s often down to a lack of runtime visibility in relation to platform engineering teams being able to trust coding assistants and AI-powered site reliability engineering (SRE) services. It’s an assertion made by software reliability company Lightrun, in its State of AI-Powered Engineering Report 2026, based on an independent poll of 200 SREs and DevOps leaders at enterprises in the U.S., UK and EU.  “To keep pace with AI-driven velocity, we can no longer rely on reactive observability. We must shift runtime visibility left, giving AI tools and agents the live execution data they need to validate code before it ever fails in production,” said Lightrun CEO, Ilan Peleg. Runtime Visibility Fragility Peleg and team say that until AI-powered engineering tools have live visibility of how code behaves at runtime, they cannot be trusted to autonomously ensure reliable systems. But why is runtime visibility so flaky?  One of the m...

Every tech conference likes to say it is about the future. Most of them are really about product launches, roadmaps and a little carefully managed optimism. SUSECON feels different this year. Part of that is timing. Part of it is geography. And part of it is that SUSE happens to sit right in the middle of several conversations that are becoming more urgent by the day. The event runs April 20 through 23 in Prague , with more than 100 breakout sessions covering Linux, cloud native infrastructure, edge computing, AI, observability and digital sovereignty, along with keynotes, hands-on labs, certification exams and community gatherings. That is the official agenda. The real story sits just beneath it. SIGN UP FOR SPECIAL EDITION SUSECON NEWSLETTER FOR NEXT WEEK, ONLY 5 EDITIONS HERE   The deeper conversation is about control. For a long time, sovereignty sounded like the kind of topic that lived mostly in policy papers or conference panels in Brussels. It did not always feel con...

Waydev today revealed it has revamped its engineering intelligence platform to provide insights into how the adoption of artificial intelligence (AI) coding tools is impacting DevOps workflows. Company CEO Alex Circei said the overall goal is to make it easier for the leaders of software engineering teams to determine the return on investment (ROI) their AI coding tools are actually providing. While there is little doubt that AI tools are capable of generating code faster than humans, the percentage of that code making it into production environments is often unknown. DevOps engineers need to understand where AI code is being accepted, rejected or rewritten, and whether AI-assisted pull requests pass CI at the same rate as those authored by a human. The Waydev platform, now at every checkpoint in a DevOps workflow, captures which AI agent wrote the code across all commits, repositories, teams, and tools, along with insights into usage costs. A Waydev AI agent then provides a natur...

GitHub’s new Stacked Pull Requests feature restructures how developers submit and review changes by allowing large code updates to be broken into smaller, interdependent units. With Stacked PRs, each unit can be reviewed and merged individually while still contributing to the overall feature set. The approach helps developers shift away from monolithic pull requests, which have become increasingly difficult to manage as development continues to move faster. The release of Stacked PRs is a response to the rise of AI-assisted coding tools, which have greatly increased the volume and scale of code submissions, placing new pressure on review workflows. While large pull requests spanning dozens of files used to be merely inconvenient, they are sometimes now a systemic issue. There is a widening gap between code generation and code review, with reviewers dealing with reduced visibility and slower turnaround times. With the layered workflow of Stacked PRs, developers can sequence related...