Skip to main content

Posts

Why You Need AI Agent Security Validation in Software Testing

Engineering teams have been racing for the last two years to deploy AI agents that can find bugs faster than any QA team ever could. Autonomous testing agents can crawl through codebases, identify vulnerabilities, and generate test coverage reports while developers finally get to take a breath. The irony is that while development teams enjoy that brief reprieve, the workload for testers and security researchers has exploded, because now they have to validate not just the code but the agents doing the testing. And most leaders are now facing a disturbing truth that should fundamentally change how we think about quality engineering. The agentic testing platforms we trusted to secure our applications may themselves be introducing attack vectors we have never seen before, says Ahmed Zaidi , Chief Executive Officer of Accelirate , who leads the companyʼs automation and AI-driven testing strategy. Grappling with a fundamental challenge that most QA leaders have not yet confronted, he exp...
Recent posts

Anaconda Acquires Kilo Code to Unify AI Development from First Prompt to Production

Anaconda Inc. has acquired Kilo Code, an open-source, model-agnostic platform that embeds artificial intelligence (AI) agents directly into developer workflows. The acquisition integrates Kilo’s rapid-growth community of over three million developers into Anaconda’s expanding enterprise AI-native development ecosystem. The transaction positions Anaconda to secure the entire software development lifecycle, from the developer’s initial prompt to final enterprise deployment. Financial terms were not disclosed. The deal represents a major strategic step in Anaconda’s bid to address a critical industry bottleneck: The estimated 80% of enterprise AI projects that fail to reach production. By combining Kilo’s front-end AI agents with Anaconda’s secure package distribution and its recently acquired Outerbounds orchestration platform, Anaconda aims to create a highly secure, continuous pipeline for AI-native software development. Kilo’s platform is built for agentic engineering, where...

SmartBear Tightens Integration Between AI Coding and Testing Tools

SmartBear this week revealed it is narrowing the divide between coding and testing by integrating its platform with artificial intelligence (AI) coding tools . Sheryl Koenigsberg, senior vice president of product marketing at SmartBear, said integrations with AI coding tools from Anthropic, Atlassian, GitHub, and Amazon Web Services (AWS) will make it simpler for application developers to test code without having to exit the tools they use to create code. Specific capabilities added to the SmartBear portfolio include a SmartBear Model Context Protocol (MCP) server for GitHub and connectors to ReadyAPI and Swagger for developers using Claude Code from Anthropic. The overall goal is to reduce the level of friction that application developers might encounter as the volume of code being generated using AI coding tools continues to exponentially increase, said Koenigsberg. In the absence of that testing, the amount of technical debt that software engineering teams are accruing will soon ...

Anaconda Doesn’t Want to Be Just the Python Company Anymore

The Kilo Code acquisition complements Anaconda’s Python roots, but it also reveals a larger ambition: Moving up the AI stack before the value—and the developer relationship—moves beyond it. Anaconda announced this week that it is acquiring Kilo Code, and the announcement arrived wrapped in enough AI marketing language to fill several context windows. There is a “tokenpocalypse.” Enterprises are “token-maxxing.” CIOs are being asked whether they know where their data is. Anaconda and Kilo, meanwhile, are promising “AI on your own terms.” Let’s strip all of that away. The deal is important enough without the promotional wrapping. Kilo Code is an open-source, model-agnostic coding agent used by more than 3 million developers. According to the companies, it orchestrates nearly 10 trillion tokens per month and can route work across more than 500 models. It operates inside VS Code, JetBrains and the command line, placing it directly where developers and AI agents increasingly perform the...

From AI Hype to AI Assurance: How Engineering Teams Can Safely Ship AI-Enabled Software

AI has moved very quickly from experimentation to production. A few years ago, many organizations were still asking whether AI could improve their products or internal workflows. Today, the question is different: how can teams ship AI-enabled software safely, reliably, and responsibly? That shift matters because AI is no longer just a research project or a boardroom talking point. It is being added to customer support platforms, fraud detection systems, developer tools, compliance workflows, cloud operations, marketing engines, and enterprise applications. The opportunity is real, but so is the risk. Traditional software usually behaves in predictable ways. If the logic is written correctly, the same input should produce the same output. AI systems are different. A generative AI feature may produce useful answers one moment and questionable answers the next. A model can hallucinate, misread context, expose sensitive information, or make recommendations that sound confident but are wr...

Atlassian Extends AI Reach of Jira Into Agentic Engineering Workflows

Atlassian today extended the scope of tasks that artificial intelligence (AI) can automate directly from its Jira project management software, including assigning work to an AI coding agent. Initially, Jira integration with AI coding tools includes Claude Code from Anthropic, Cursor, and GitHub Copilot, with support for Codex from OpenAI forthcoming. Software engineering teams can also leverage the DX AI cost management report tool to unify spend and token data across third-party tools like Claude, Cursor, and GitHub Copilot and Jira projects. Additionally, Atlassian is embedding a Jira Coding Agent in every paid plan that makes use of the context provided by Jira to convert items into ready-to-review pull requests without requiring developers to set up a local application development environment. At the same time, Jira Planner can now pull from a codebase, Jira and the Confluence wiki tool to define requirements and generate a structured technical specification that either an AI age...

GitHub API Abuse, ‘Ghost’ Accounts Part of Malicious Efforts to Map Organizations

A cluster of coordinated and overlapping campaigns that have been running for several months is abusing GitHub’s API and leveraging dozens of “ghost” accounts that have been dormant for years to map organizations and their developers. Many of the operations are using the API to scrape public information; some have gone further, including cloning private repositories, compromising users’ tokens, and, in one case, exfiltrating data from a private repository, according to researchers with Datadog. The campaigns are not the result of a single bad actor, but what Julie Agnes Sparks, senior security engineer with Datadog, described as a “blend of custom automated scanner tools, opportunistic abuse of leaked credentials, and coordinated networks of burner (ghost) accounts.” “Individually, most of these requests are unremarkable,” Sparks wrote. “They hit public endpoints, authenticate cleanly or not at all, and return successful responses. The concern lies in the aggregate: a group of acco...