Skip to main content

Posts

From AI Hype to AI Assurance: How Engineering Teams Can Safely Ship AI-Enabled Software

AI has moved very quickly from experimentation to production. A few years ago, many organizations were still asking whether AI could improve their products or internal workflows. Today, the question is different: how can teams ship AI-enabled software safely, reliably, and responsibly? That shift matters because AI is no longer just a research project or a boardroom talking point. It is being added to customer support platforms, fraud detection systems, developer tools, compliance workflows, cloud operations, marketing engines, and enterprise applications. The opportunity is real, but so is the risk. Traditional software usually behaves in predictable ways. If the logic is written correctly, the same input should produce the same output. AI systems are different. A generative AI feature may produce useful answers one moment and questionable answers the next. A model can hallucinate, misread context, expose sensitive information, or make recommendations that sound confident but are wr...
Recent posts

Atlassian Extends AI Reach of Jira Into Agentic Engineering Workflows

Atlassian today extended the scope of tasks that artificial intelligence (AI) can automate directly from its Jira project management software, including assigning work to an AI coding agent. Initially, Jira integration with AI coding tools includes Claude Code from Anthropic, Cursor, and GitHub Copilot, with support for Codex from OpenAI forthcoming. Software engineering teams can also leverage the DX AI cost management report tool to unify spend and token data across third-party tools like Claude, Cursor, and GitHub Copilot and Jira projects. Additionally, Atlassian is embedding a Jira Coding Agent in every paid plan that makes use of the context provided by Jira to convert items into ready-to-review pull requests without requiring developers to set up a local application development environment. At the same time, Jira Planner can now pull from a codebase, Jira and the Confluence wiki tool to define requirements and generate a structured technical specification that either an AI age...

GitHub API Abuse, ‘Ghost’ Accounts Part of Malicious Efforts to Map Organizations

A cluster of coordinated and overlapping campaigns that have been running for several months is abusing GitHub’s API and leveraging dozens of “ghost” accounts that have been dormant for years to map organizations and their developers. Many of the operations are using the API to scrape public information; some have gone further, including cloning private repositories, compromising users’ tokens, and, in one case, exfiltrating data from a private repository, according to researchers with Datadog. The campaigns are not the result of a single bad actor, but what Julie Agnes Sparks, senior security engineer with Datadog, described as a “blend of custom automated scanner tools, opportunistic abuse of leaked credentials, and coordinated networks of burner (ghost) accounts.” “Individually, most of these requests are unremarkable,” Sparks wrote. “They hit public endpoints, authenticate cleanly or not at all, and return successful responses. The concern lies in the aggregate: a group of acco...

Why Developer Workstations Have Become a Critical Part of the Software Supply Chain

For years, software supply-chain security discussions focused on centralized infrastructure such as build servers, package registries, and CI/CD systems. Recent attacks suggest that this view is incomplete. The Megalodon campaign injected malicious GitHub Actions workflows into thousands of repositories, while a separate incident involving a malicious Visual Studio Code extension demonstrated how a single compromised developer device can expose large volumes of source code and internal assets. These incidents highlight a growing reality: developer workstations are now a critical part of the software supply chain. The scale of the threat continues to grow. Sonatype identified more than 454,000 new malicious open-source packages in 2025 alone, pushing the cumulative number of known malicious packages across major repositories beyond 1.2 million. Many of these campaigns are designed specifically to target developer environments, CI/CD systems, and credential stores rather than end user...

Ten Great DevOps Job Opportunities

DevOps.com is now providing a weekly DevOps jobs report through which opportunities for DevOps professionals will be highlighted as part of an effort to better serve our audience. Our goal in these challenging economic times is to make it just that much easier for DevOps professionals to advance their careers. Of course, the pool of available DevOps talent is still relatively constrained, so when one DevOps professional takes on a new role, it tends to create opportunities for others. The ten job postings shared this week are selected based on the company looking to hire, the vertical industry segment and naturally, the pay scale being offered. We’re also committed to providing additional insights into the state of the DevOps job market. In the meantime, for your consideration. Greenhouse Inflection AI Palo Alto, CA Senior DevOps Engineer (AI & Cloud Infrastructure) $175,000 to $250,000 NABIS Remote, US Senior DevOps Engineer $145,000 to $165,000 Trovo Health Ne...

IBM Bob Gets Multi-Agent Muscle and a Cost Dashboard for Enterprise Coding

IBM has rolled out a significant update to Bob, its agentic software development platform, adding multi-agent coordination, built-in spend tracking, and three prebuilt workflows aimed at some of the toughest modernization jobs in enterprise IT: Mainframe COBOL, IBM i, and large Java codebases. The update lands as most engineering organizations are running into a problem nobody predicted a year ago: AI made writing code the easy part. A recent GitLab survey found that 85% of respondents agreed that AI has shifted the main bottleneck from writing code to reviewing and validating code. IBM cites that same data point in its announcement, and it’s clearly shaping how the company is positioning Bob’s next phase. Bob isn’t new. IBM introduced it earlier this year as its answer to tools like Claude Code and OpenAI’s Codex, and it made a splash at IBM’s Think 2026 conference, where it reportedly became one of the most talked-about releases on the show floor. Under...

GitHub’s Redesigned PR Inbox Tackles the Review Bottleneck AI Created

GitHub has made its overhauled pull requests dashboard generally available, giving developers and engineering managers a single view at github.com/pulls to track, prioritize, and act on the pull requests that need their attention. The dashboard moves out of public preview after a rollout that started in March 2026 and shifted to opt-out preview in April. The centerpiece is Inbox, a home base that <cite index=”1-1″>surfaces review requests, pull requests that need fixing due to CI failures or new comments, and pull requests that are ready to merge or sitting in the merge queue</cite>. Developers can reorder or hide sections to fit their own workflow, and filter by repository or recent activity to cut through the noise. Saved views are the other major piece. Instead of relying on browser bookmarks to jump back to a specific filter, developers can now <cite index=”1-1″>create, edit, and organize custom views based on their most-used search querie...