Skip to main content

Posts

Agentic AI for Defense: How Checkmarx Turns Security into a Coding Partner

“AI-powered” has become the default label for every security tool on the market. But there’s a meaningful difference between a tool that uses AI to generate alerts after the fact and one that actively participates in development, preventing vulnerabilities as code is written. That difference is what separates reactive AI from agentic AI. And it matters more now than ever. What “Agentic” Actually Means in AppSec In the context of application security, agentic AI isn’t a buzzword. It describes a specific set of capabilities: the tool proactively surfaces security issues in real time, understands the context in which code is being written, and recommends fixes before insecure patterns reach the pipeline. The developer still makes the call. But instead of finding out about a vulnerability hours or days after committing it, they get guidance at the moment they can act on it most efficiently. Three qualities define the approach. Agentic AI is proactive, performing inline validation as...
Recent posts

How to Manage Operations in DevOps Using Modern Technology

Operations in DevOps is not just about keeping systems up anymore. Teams now have to support faster releases, manage cloud-native environments, improve security, and keep services reliable at scale. That is a big shift. Operations is no longer a back-office function. It plays a direct role in how fast and how safely the business can move. New technology has made this easier in some ways. Tools like Infrastructure as Code, observability platforms, and AIOps can reduce manual work and give teams better control. But they also add complexity. More tools do not automatically mean better operations. Many teams still deal with alert fatigue, messy handoffs, and too much operational noise. That is why modern operations need a different approach. The goal is not to add more processes. It is to build systems that are easier to run, easier to monitor, and easier to improve. In DevOps, good operations means less toil, better visibility and faster recovery when things go wrong. In this artic...

GitHub Halts Copilot Growth as AI Coding Costs Outpace Subscriptions

GitHub has suspended new sign-ups for several of its Copilot subscription tiers, a decision that follows a surge in demand driven by agentic coding workflows, which consume far more compute resources than earlier models of AI assistance. The company confirmed that new subscriptions for Copilot Pro, Pro+, and Student plans are paused, while existing users face tighter usage limits. Internally, the change is framed as a step to maintain service reliability. In practice, it signals that the original pricing model, built around predictable, lightweight usage, no longer aligns with how developers now use AI tools. “Cloud agent sessions running multi-step validation pipelines have materially raised per-interaction costs, and entitlement architecture is being reshaped accordingly,” Mitch Ashley, VP, Software Engineering, The Futurum Group, told Techstrong.it. “Enterprise teams evaluating Copilot Pro+ should treat this as an early signal of access control tightening across agentic develop...

Musk’s SpaceX Targets AI Dominance with $60 Billion Cursor Deal

Elon Musk’s SpaceX has struck a deal with artificial intelligence (AI) coding sensation Cursor that gives SpaceX the right to acquire the startup for $60 billion later this year or, alternatively, pay $10 billion for a collaborative partnership. The announcement, made Tuesday via Musk’s social media platform X, positions the newly formed “SpaceXAI” to challenge industry titans OpenAI and Anthropic. “SpaceXAI and @cursor_ai are now working closely together to create the world’s best coding and knowledge work AI,” the company said. By folding Cursor into the SpaceX ecosystem, Musk is not just building a rocket company; he is attempting to construct a vertically integrated AI powerhouse capable of outcoding the very competitors he helped create, according to industry watchers. “Elon Musk is attempting to warp space and time to leap ahead in the AI race,” said Mitch Ashley, vice president and practice lead, Software Engineering Cycle, at The Futurum Group. “The SpaceX-Cursor arrangem...

AI Agents in DevOps: Hype vs. Reality in Production Pipelines

The demos look super cool! An AI agent detects a failing deployment, rolls it back, opens a GitHub issue, and notifies Slack — all before the on-call engineer has finished reading the alert. If you’ve been following the DevOps tooling space over the last 18 months, you’ve probably seen some version of this pitch. But here’s the honest question: How much of this is actually running in production today, and how much is still a well-staged conference demo? This article cuts through the noise. We’ll look at what AI agents in DevOps actually are, where they’re delivering real value right now, where they’re falling flat, and what teams need to think carefully about before giving an agent the keys to their infrastructure. What We Mean by “AI Agents” in DevOps Before we can separate hype from reality, we need to agree on what an AI agent actually is in this context — because the term is used to describe everything from a glorified LLM wrapper to a sophisticated multi-step autonomous syst...

SUSE Extends AI Agent Reach via MCP Server Integration

SUSE today revealed it is collaborating with multiple providers of artificial intelligence (AI) agents with the ability to manage IT infrastructure resources via integrations with the Model Context Protocol (MCP) server embedded in its platforms. Announced at the SUSECON 2026 conference, AI agents from Fsas Technologies, n8n and Revenium, Stacklock and Amazon Web Services (AWS) can invoke the MCP server that SUSE has embedded in its Rancher Prime and SUSE Multi-Linux Manager offerings. Rick Spencer, general manager, engineering at SUSE, said that capability makes it possible, for example, for the Amazon Quick AI agent that AWS developed to automate workflows for managing IT infrastructure resources such as Linux servers and Kubernetes clusters. Ultimately, any AI agent that can access the SUSE MCP server should be able to, for example, identify system faults in Kubernetes clusters or Linux servers, correlate system logs, and submit a pull request (PR) or a patch to restart a serv...

Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable

A critical vulnerability in a popular Microsoft GitHub repository could allow a threat actor to easily exploit its CI/CD infrastructure to run arbitrary code in the repository and gain access to secrets, according to researchers with cybersecurity firm Tenable. In an advisory issued April 21, Rémy Marot, staff research engineer at Tenable, wrote that “by exploiting this vulnerability, an attacker with an unprivileged GitHub account could exfiltrate secrets available to the workflow run and perform unauthorized operations on the target GitHub repository.” The security flaw can be easily exploited, and illustrates the growing security risks as CI/CD pipelines play an increasingly central role in the software development field, according to Marot. He found that the Microsoft GitHub repository was using a vulnerable GitHub workflow that allowed any GitHub user to set off remote code execution (RCE) in the GitHub runner. Through this, the bad actor could gain access to a token that l...