Skip to main content

Posts

Your CI/CD Pipeline Has Non-Human Identities You Forgot About

A deployment starts failing late on a Friday evening. The initial assumption is that something changed in the application release. Teams start checking container images, Terraform plans and recent commits. Nothing looks wrong. A few hours later, someone discovers the actual issue: a deployment token tied to an old automation workflow expired months ago. The token was still being used by a pipeline nobody realized was active. The original engineer who created it had already moved to another team. Situations like this are becoming normal in modern delivery environments. Not because organizations suddenly lost visibility into human access, but because CI/CD systems now create machine identities constantly. Most of them are temporary. Some become permanent without anyone planning for it. A few years ago, infrastructure access mostly revolved around employees, administrators and service accounts that teams could track manually. That model no longer holds up very well. Today’s pipeline...
Post a Comment
Read more
Recent posts

Copado Brings AI Agents to DevOps Platform for Building Custom Salesforce Apps

Copado has added artificial intelligence (AI) agents to its DevOps platform for building and deploying custom applications for the software-as-a-service (SaaS) application platform from Salesforce. At launch, Copado is making available Agentia AI agents specifically that can be assigned plan, build and testing tasks via an orchestration agent that manages the overall workflow. Each Agentia AI agent understands the unique metadata framework that Salesforce developed but also all the dependencies, pipelines and testing activity occurring across the software development lifecycle (SDLC) that is captured via the Agentia Context Hub. Additionally, there is an Agentia Studio tool that can be used to build AI workflows and other autonomous agents. Copado CEO Ted Elliot said the Agentia AI agents have been trained using metadata, pipelines, and customer-provided knowledge to automate, for example, planning and documentation tasks or the actual writing for code. DevOps teams can also apply...
Post a Comment
Read more

AWS Security Agent Brings Full Repository Code Scanning to Preview

Security teams have long relied on static analysis tools to catch vulnerabilities before code ships. Those tools are useful, but they have a fundamental limitation: they match code against known patterns. They don’t understand your application. AWS is taking a different approach with its latest addition to AWS Security Agent. The company recently released full repository code review in preview — a feature that goes well beyond traditional scanning by reasoning about your entire codebase the way a security researcher would. What’s New Full repository code review is a new capability in AWS Security Agent that performs deep, context-aware security analysis of an entire codebase. It’s now available in preview at no additional charge for existing AWS Security Agent customers. Unlike traditional static analysis tools that match code against known vulnerability patterns, full repository code review reasons about an application’s architecture, trust boundaries, and d...
Post a Comment
Read more

The Rise of Composable Architectures to Replace Traditional Platforms

Traditional monolithic platforms have served their purpose. As technologies like artificial intelligence and quantum computing usher in a new digital age, flexible and modular architectures will take their place. Developers and cloud professionals should familiarize themselves with composable architecture’s principles, benefits and implementation best practices to remain competitive in an evolving technological landscape. Composable Architectures Are Catching On Composable architecture is not a niche concept. Market research shows it is a rapidly growing trend with significant projected growth. By 2028, its value will reach an estimated $11.8 billion , up from $5.2 billion in 2023. It will achieve a compound annual growth rate of 17.5% during the forecast period, demonstrating its rapid rise in popularity. This expansion reflects increasing demand from organizations seeking greater flexibility and adaptability in their technology infrastructure, underscoring its importance to e...
Post a Comment
Read more

Hacktron Plans to Build AI Platform to Test Code for Vulnerabilities

Hacktron revealed today it is developing a platform that leverages artificial intelligence (AI) to continuously test code for vulnerabilities. Fresh off raising $2.9 million in seed capital, Hacktron founder Zayne Zhang said the company’s platform will employ multiple AI models to test every pull request and code change to identify vulnerabilities that are actually exploitable. Once identified, the platform will also surface a recommendation to remediate that issue that could be shared with an AI coding tool. The overall goal is to dramatically reduce the number of false positives that DevOps teams waste time investigating, said Zhang. In effect, AI will significantly reduce the current level of burden DevSecOps teams today experience when trying to maintain application security, he added. The team behind Hacktron has years of expertise researching vulnerabilities. Most recently, Hacktron uncovered critical vulnerabilities in the widely used OAuth2 Proxy project, highlighting risks ...
Post a Comment
Read more

OpenAI’s Daybreak Challenges Anthropic in AI Cybersecurity Race

OpenAI has moved deeper into enterprise cybersecurity with the launch of Daybreak, a platform that identifies software vulnerabilities, validates fixes, and speeds up patching workflows using AI models and its Codex Security system. Daybreak places OpenAI more directly in competition with Anthropic, whose Project Glasswing and Claude Mythos models also offer dual-use AI systems built for cybersecurity research and defensive operations. Rather than promoting Daybreak as a standalone security product, OpenAI designed it as an operational layer embedded inside software development and enterprise security workflows. The system combines GPT-5.5 models, Codex Security, and integrations with established security vendors to help customers analyze codebases, model attack paths, validate vulnerabilities, and provide remediation guidance. “Daybreak positions OpenAI as a control surface for application security, asserting itself above the AppSec agent layer incumbents are building. The tiered T...
Post a Comment
Read more

Red Hat Previews AI Agent Integration with Ansible Automation Platform

Red Hat today revealed it is extending the reach of its Ansible Automation Platform for IT operations to artificial intelligence (AI) agents, in addition to making it simpler to build AI agents using existing application development tools. Announced at the Red Hat Summit conference, version 2.7 of the Ansible Automation Platform adds a technology preview of an orchestration engine for AI agents that are able to invoke capabilities via an integrated Model Context Protocol (MCP) server. Sathish Balakrishnan, vice president and general manager for Ansible at Red Hat, said these capabilities provide AI agents with a trusted execution layer through which they can automate IT operations. The overall goal is to make new and existing libraries of automation playbooks available to AI agents in a way that can be governed using a set of policies enforced via the Red Hat Ansible Automation Platform, he added. As part of that effort, the Red Hat Ansible Automation Platform can now serve as an ...
Post a Comment
Read more