Skip to main content

Posts

Survey Surfaces Pervasive Adoption of AI Across SDLC

A global survey of 2,501 IT and DevOps professionals at organizations with more than 150 employees published today finds more than two-thirds (68%) work for organizations that have implemented artificial intelligence (AI) across some or all their software delivery workflows. Conducted by Tricentis, a provider of a platform for testing software, the survey identifies enhanced quality and risk detection (37%), enhanced accuracy and consistency (36%) and improved test automation coverage (32%) as the top benefits of integrating AI into those workflows Overall, 53% manage between six and ten AI or automation tools across their software development lifecycle (SDLC). However, the survey also finds that 60% admit their application developers also regularly ship untested code into production environments. David Colwell, vice president of AI and machine learning at Tricentis, said that as more AI-generated code is created, the volume of code that has not been tested is increasing, which in ...
Post a Comment
Read more
Recent posts

Microsoft Brings AI Agents Directly Into the Windows Terminal

Microsoft just shipped Intelligent Terminal 0.1 — an open-source, experimental fork of Windows Terminal with native agent integration built in. It’s available now from the Microsoft Store or via WinGet ( winget install Microsoft.IntelligentTerminal ), and it installs alongside your existing Windows Terminal without replacing it. This is an early release, clearly labeled as experimental. But it’s a meaningful signal about where Microsoft thinks the terminal is going. What it Actually Does The core idea is straightforward: Instead of copying an error message, opening a browser, hunting through Stack Overflow, and then jumping back to your shell, you stay in the terminal. An AI agent is right there, aware of what’s on your screen. Intelligent Terminal adds a persistent agent pane — a docked, context-aware panel where you can interact with an AI agent CLI without leaving your workflow. GitHub Copilot CLI is the default, but the architecture is open. Any Agent Client Pr...
Post a Comment
Read more

Regression Testing Tools in the Age of AI-Assisted Development: What Has Changed

For most of the past decade, the conversation around regression testing tools was fairly stable. The tools got faster, the integrations got smoother, and the underlying approach stayed largely the same: write tests, run them in CI, fix failures. The fundamental model did not change much because the problem did not change much. AI-assisted development has changed the problem. When developers use AI coding assistants to generate significant portions of their codebase, the assumptions that most regression testing tools were built around start to break down in specific and consequential ways. The tools themselves have not been standing still – several have adapted meaningfully in response – but engineering leaders evaluating regression testing tools today are navigating a landscape that looks genuinely different from what it looked like three years ago. This article examines what has changed, which changes matter most for engineering teams, and how to think about selecting reg...
Post a Comment
Read more

Shai-Hulud Clone ‘Miasma’ Compromises 32 Red Hat npm Packages

The threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad actors can create their own variants. GitHub reportedly took down the repository shortly after it appeared, but the damage was already done, with multiple forks created, according to Datadog security researchers. The modular framework that the threat group, TeamPCP, put into the repository included tools for credential harvesting, supply chain poisoning, and encrypted data exfiltration aimed at developer workstations and CI/CD pipelines, increasingly popular targets for attackers. The released source code also indicated evolving capabilities for persistence through the integration of AI agents and for stealing via Sigstore provenance. “The open-sourcing of a production offensive framework is not unprecedented, but it’s unusual for an active campaign,” the researchers wrote in a report...
Post a Comment
Read more

Postman Adds AI Agent to Automate API Development and Governance

Postman added an artificial intelligence (AI) agent to its portfolio of tools and platforms for building and governing application programming interfaces (APIs) that can autonomously perform tasks ranging from development and documentation to exploration and setting up integrations with continuous integration/continuous deployment (CI/CD) environments. Company CEO Abhinav Asthana said the Autonomous API Engineer significantly reduces the total cost of building and maintaining APIs by automating time-consuming tasks that have historically created bottlenecks in software engineering workflows. In fact, the AI agent developed by Postman will make it significantly simpler to integrate API development and testing within those workflows, said Asthana. Designed to be triggered from a pull request, Slack, Postman command line interface (CLI) or the Postman app, the Autonomous API Engineer spins up a secure, sandboxed environment. It then executes tasks and returns verified artifacts, includ...
Post a Comment
Read more

Can Chainguard Save Open-Source Software From Mythos? Can Anyone?

IBM and Red Hat aren’t the only ones that mean to lock down open-source code against AI hacking tools. Last week, IBM and Red Hat launched Project Lightwell to protect open-source projects with $5 billion and 20 thousand engineers. Not to be outdone, with tongue in cheek, Chainguard ’s CEO Dan Lorenc announced a $50 million, 100‑engineer commitment as an attempt to “build new trust infrastructure for open source consumption.” Why? Because Lorenc argues that open source consumption “is fundamentally broken, and no amount of incremental improvement is going to fix it in time.” I wish I could disagree, but he’s right. In his blog post, The Hardest Fork , Lorenc warns “ Mythos is real,” pushing back on those who dismiss Anthropic’s scary code scanner as hype or a “marketing stunt.” He describes the Mythos findings as “novel combinations of a few dozen issues out of thousands of things every SAST [Static Application Security Testing] scanner already finds, chaine...
Post a Comment
Read more

Overcoming IP Churn in Ephemeral DevOps Environments Using Userspace Overlays

Modern DevOps practices have completely transformed how we handle compute and orchestration. Tools like Kubernetes enable engineering teams to spin up ephemeral containers in seconds and scale workloads dynamically to meet global demand. Yet the underlying network infrastructure has remained stubbornly rigid. Traditional cloud networking relies heavily on static IP addresses, rigid firewall rules, and slow DNS propagation. This creates a severe architectural mismatch where highly dynamic compute layers are trapped inside static network topologies. This friction becomes a critical failure point when deploying modern distributed workloads. Artificial intelligence applications and autonomous multi-agent systems are inherently transient. They migrate across cloud providers to optimize for GPU availability or drop down to local edge devices for data collection. Every time a container restarts or shifts to a new environment, its physical IP address changes. This IP churn breaks stateful con...
Post a Comment
Read more