Skip to main content

Posts

Giving AI Agents the Keys to Real Infrastructure

AI coding assistants can generate pull requests faster than most teams can review them, and that mismatch is creating a new kind of bottleneck across engineering organizations. The volume of AI-generated code is growing rapidly, but without a reliable way to validate that code against real production environments, teams are left choosing between slowing down to manually review everything or accepting the risk of pushing untested changes forward. Alan Shimel speaks with Sumeet Vaidya, CEO and co-founder of Crafting.dev, about the emerging concept of closed-loop autonomous development. The idea is straightforward: rather than treating AI agents as tools that hand off code for humans to verify, give those agents the ability to test their own output against live dependencies and real infrastructure before a human ever needs to get involved. The conversation explores what it takes to make that work in practice. Traditional sandboxing approaches struggle to replicate the complexity of...
Post a Comment
Read more
Recent posts

Survey Surfaces Increased Reliance on Open Source Software to Build Apps

A survey of 712 IT professionals finds that programming languages and frameworks (49%), followed closely by ​databases and data technologies (46%), DevOps/GitOps/DevSecOps tooling (39%) and cloud and container technologies (38%) are the areas where open source software is most widely adopted. Conducted in collaboration with the Open Source Initiative (OSI) consortium and the Eclipse Foundation, the survey also finds nearly half (49%) of respondents reporting they have increased use of open source software in the last year, with 21% describing that increase as significant. Nearly half (49%), however, said usage of open source software remained the same in the last year. Not surprisingly, the primary reason cited for adopting open source software was reduced costs derived from no licensing fee (62%), followed by avoiding vendor lock-in (55%). Despite that level of adoption, roughly a third of respondents also noted they still struggle with Security updates and patches (39%), instal...
Post a Comment
Read more

How AI is Shaping Modern DevOps and DevSecOps

AI is no longer a side experiment in software delivery. Gartner estimates that by 2028, three-quarters of enterprise software engineers will use AI code assistants, up from less than 10% in early 2023 . That scale matters because it shifts day-to-day work across the entire software development lifecycle — from what makes it into the backlog to how we release and learn after incidents. From SDLC to Flow: What Really Changes Across planning and design, AI reduces noise. Backlogs get de-duplicated, related items are grouped, and dependency-heavy work is surfaced earlier, so sprints start clearer. During build and test, assistants suggest edge cases, flag risky changes, and help teams focus on the small number of issues that truly threaten stability. In release and operations, AI connects the dots between recent deploys, logs and user impact, so responders get to the first safe action faster. None of this is magic; it’s shorter feedback loops and better signals, stitched into the work...
Post a Comment
Read more

Meta Researchers Show AI Agents Can Verify Code Without Running It — and Hit 93% Accuracy

Can an AI agent determine whether two code patches are functionally equivalent without executing either one? Meta researchers Shubham Ugare and Satish Chandra say yes — if you give the agent the right reasoning structure. Their paper, “Agentic Code Reasoning,” published in March, introduces a technique called semi-formal reasoning that improves AI agents’ ability to analyze code semantics across three practical tasks: Verifying whether patches produce the same behavior, localizing bugs in codebases, and answering questions about how code works. The results are strong enough to matter for how DevOps teams think about code review, verification, and training pipelines. The Problem With How Agents Reason About Code AI agents can navigate codebases, read files, trace dependencies, and gather context. But when asked to make judgments about what code does — whether a patch is safe, whether two implementations are equivalent, where a bug lives — they tend to guess rather than prove. Stan...
Post a Comment
Read more

Developers Using Anthropic Claude Code Hit by Token Drain Crisis

Developers never really voiced any major desire to enter the age of AI coding; they always appeared quite happy to tap away at both chiclet and clacky mechanical keyboards into the wee small hours on manual coding tasks. But that relaxed indifference changed once real coding assistants came onto the scene. Among the most appealing tools in this space is Anthropic’s Claude Code, an AI-powered command-line coding assistant that helps developers write, edit, debug and automate code. But there’s no such thing as a free lunch or an unlimited Claude Code quota, even on the company’s $200 annual subscription deal. Limited to a Relative Multiplier According to Claude itself, “Max 20x ($200/month) is the top individual tier with 20x Pro usage, at which level rate limits stop being a practical concern for most full-day development work. That’s essentially the extent of the official promise, i.e., it’s a relative multiplier, not a hard number.” Since March, 2026, Claude Code Max subscriber...
Post a Comment
Read more

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project

North Korean hackers are accused of hijacking the npm account of an axios maintainer, a highly popular and widely used JavaScript HTTP client library, in the latest in a growing number of sophisticated attacks targeting open-source software developers. For a brief few hours running from late March 30 into early March 31, the bad actors were able to hijack the npm account of the primary axios maintainer and publish two new malicious versions – “axios@1.14.1” and “axios@0.30.4” – that introduced a hidden runtime dependency, plain-crypto-js@4.2.1. When a developer or CI/CD pipeline ran the npm install, the dependency installed a remote access trojan (RAT) that contacted a command-and-control (C2) server and dropped secondary payloads targeting macOS, Windows, and Linux systems, according to researchers for StepSecurity , one of several security vendors that analyzed the attack. The RAT is capable of a range of threats, from running arbitrary commands to exfiltrating system data to es...
Post a Comment
Read more

Why Governance Determines Whether Agentic AI Accelerates or Stalls Engineering 

The incorporation of AI into engineering work — through code completion, test generation, refactoring assistance and documentation support — continues to drive rapid gains in team productivity. As organizations expand their use of AI, they expect the velocity of deliverables to accelerate as well. However, those early gains are offset by increased security reviews, unresolved compliance questions and growing code-review workloads that many don’t account for.   That slowdown points to how AI is being integrated into existing engineering processes, rather than limitations in the tools themselves. Engineers use agentic AI tools to ship faster, but many organizations lack the governance and oversight necessary to effectively manage how those AI tools are being used. Prompts sent through ungoverned agentic AI services lack consistent tracking, auditability and enforcement. This creates uncertainty and risk, leading leadership to worr...
Post a Comment
Read more