News and Tech Update

Amazon Web Services (AWS) today made available a preview of an artificial intelligence (AI) agent that has been trained to continuously modernize codebases. Announced at the AWS New York Summit , the AI agent is being embedded into AWS Transform , the application modernization service AWS launched last year. Sriram Devanathan, director of AWS Transform, said the autonomous AI agent added to the service will, unlike existing agents, asynchronously execute tasks such as remediating code or analyzing technical debt. AWS Transform automatically scans your code repositories against configurable baselines and generates findings in hours. Policies for detecting end-of-life dependencies, deprecated frameworks, and other common sources of technical debt are already embedded. If a DevOps team has deprecated an internal library or prefers a particular logging pattern, it can be codified as a policy that runs continuously across code repositories. Once an issue is detected, AI agents will auton...

Here is a situation most engineering leaders recognize. You roll out AI coding tools. Features ship faster. Developers are more productive. Then, a few months in, you realize something unexpected: the engineers you most wanted to free up are busier than ever. They are reviewing PRs, firefighting regressions, juggling a dozen half-shipped features and the edge cases that came with each one. AI made them more efficient. It also made them ten times more busy. The bottleneck did not disappear. It moved. And it moved to exactly the place most teams are least equipped to handle quickly: verification. This is the problem that CI/CD, in its current form, is not set up to solve on its own. CI/CD is a delivery mechanism. It runs what you give it. If you give it a pipeline that still depends on humans to write tests, review logic, and triage failures, adding AI on the generation side just means the human verification step gets hit harder. You are filling a faster funnel into the same narrow dr...

Amazon Web Services (AWS) today launched a service that expands the scope of the artificial intelligence (AI) tools it provides to secure code to include an agent that discovers, validates and prioritizes vulnerabilities that are then used to surface a remediation recommendation. Announced at the AWS New York Summit , the AWS Continuum service also adds a tool to automatically create threat models for codebases. Additionally, AWS is now making it possible to run code reviews, generate threat models, and remediate findings directly from within an integrated development environment (IDE) or command line interface (CLI) by invoking the Model Context Protocol (MCP). Those tools and capabilities will be added to a previously launched AI tool to automate penetration testing using an AWS Security Agent that is now generally available. Chet Kapoor, vice president of security services and observability for AWS, told conference attendees that in the wake of more advanced AI models such as M...

I’ve lived through five major technology shifts: mainframe to Windows in the early ‘90s, internet computing in the late ‘90s and early 2000s, Agile in the mid-2000s, cloud through the 2010s, and now AI. You learn things by surviving that many. You learn that vendors oversell. That leadership wants results yesterday. That the breathless predictions almost never land on the calendar that everyone promised. So you learn to discount the hype. And that reflex, the one thing that five shifts trained into me, is the thing I’d warn other veterans about right now. The hype curve lies in both directions. Everyone knows it inflates expectations early. What we forget is that it deflates them later, right around the time the technology actually starts to matter. The people who got burned chasing the last four shifts are the ones primed to under-react to this one. The engineer who lost a year to a premature cloud migration is the same engineer waving off agentic coding today. Same scar, wron...

GitHub is resuming enforcement of minimum version requirements for GitHub Actions self-hosted runners — and this time, the deadlines are firm. After a rocky start that included multiple delays and a temporary pause earlier this year, GitHub has published a clear enforcement timeline for both GitHub Enterprise Cloud and GitHub Enterprise Cloud with Data Residency. If your team runs self-hosted runners and hasn’t upgraded them yet, now is the time to act. Why This Is Happening In early 2024, the GitHub Actions team began rearchitecting the backend services that power job execution and runner communication. That foundational rebuild now handles over 120 million jobs per day — more than three times the pre-migration volume — and lets enterprises start seven times more jobs per minute than before. Version enforcement is the final step in completing that migration. Older runner versions that are incompatible with the updated infrastructure can no longer be supported as all runners m...

Checkmarx this week revealed it has re-engineered the core engines embedded within its static application security testing (SAST) tools for the agentic artificial intelligence (AI) era. At the core of that effort is a next-generation SAST hybrid scanning engine that combines three distinct capabilities within the Checkmarx One platform. An existing deterministic rules-based foundation is now being extended using a purpose-built large language model (LLM) and a Finding Analysis Engine (FAE) that suppresses false positives. Frank Emery, director of product management for Checkmarx, said the SAST tools embedded in the Checkmarx One platform, as a result, now combine existing deterministic results for specific programming languages with the probabilistic insight generated by large language models (LLMs) that have been shown to be effective at discovering vulnerabilities. The challenge is that LLMs tend to generate a lot of false positives, which can now be sharply reduced using the FAE,...