Showing posts from June, 2026

What Five Localization Pull Requests Revealed About Open Source Governance: A Field Report on Open Source’s i18n Infrastructure Gap 

A bot recently approved one of my Pull Requests (PRs) with the cleanest possible verdict: “No Issues Found — Recommendation: Merge.” The story did not end there. Weeks later, a maintainer finally reviewed the contribution. By then, the parts of the repository targeted by the localization work had been removed as the project evolved. The PR was closed, not because the translation was incorrect, but because the review arrived after the underlying code structure had changed. That outcome highlights a broader challenge in open source internationalization (i18n). The problem is often not translation quality. It is the absence of processes that allow language contributions to be evaluated, routed, and integrated before project evolution overtakes them. Translation is Not the Hard Part When people hear “i18n,” many maintainers think it means “drop a JSON file in.” That is not what it involves. Internationalisation is a system: stable keys, defined fallback behaviour, plural rules...

IaC Isn’t Dying. AI Makes it More Important

AI-generated infrastructure code is arriving faster than most organizations can absorb it. The organizations that invested in platform quality first are the ones pulling ahead. Every few years, someone declares that Infrastructure as Code is dead. The arguments tend to “sidecar” the hype cycle. First, complexity, then containers, then Kubernetes, then serverless. Now it’s AI’s turn; supposedly, generative AI tools will make declarative configuration files obsolete, and natural-language prompts will replace Terraform modules and policy-as-code guardrails. This latest narrative probably drives clicks and hallway conversations. But it’s wrong. What’s actually happening is more interesting and more consequential for infrastructure leaders: IaC is becoming the system of record inside a larger platform architecture, one that AI both depends on and generates code for. Enterprise infrastructure remains stubbornly hybrid, spanning on-prem and cloud, with GPU clusters emer...

Anthropic Hits Pause on Claude Agent SDK Billing Change, For Now

Anthropic pulled back a planned billing change for its Claude Agent SDK on June 15 — the same day the change was supposed to take effect. The company’s message to subscribers was short: Nothing changes for now. The reversal came as a relief to developers who build automated agents on top of Claude. But it’s probably temporary. Pricing for Anthropic’s Claude Agent SDK isn’t changing for the time being, and Anthropic hasn’t said when a revised plan might show up. What Was Supposed to Happen The original plan, announced in mid-May, would have split Claude usage into two buckets. Chat conversations and the official Claude CLI would continue to run under standard subscription limits. But outside SDK usage would be billed at Anthropic’s prevailing API rates, with subscribers receiving a simple monthly usage credit equal to their subscription price. That’s a real shift. Right now, Agent SDK usage is limited only by the standard weekly caps on a use...

Autonomous AWS Agent Automates Modernization of Codebases

Amazon Web Services (AWS) today made available a preview of an artificial intelligence (AI) agent that has been trained to continuously modernize codebases. Announced at the AWS New York Summit, the AI agent is being embedded into AWS Transform, the application modernization service AWS launched last year. Sriram Devanathan, director of AWS Transform, said the autonomous AI agent added to the service will, unlike existing agents, asynchronously execute tasks such as remediating code or analyzing technical debt. AWS Transform automatically scans your code repositories against configurable baselines and generates findings in hours. Policies for detecting end-of-life dependencies, deprecated frameworks, and other common sources of technical debt are already embedded. If a DevOps team has deprecated an internal library or prefers a particular logging pattern, it can be codified as a policy that runs continuously across code repositories. Once an issue is detected, AI agents will auton...

Why AI Testing Must Live Inside Your CI/CD Pipeline

Here is a situation most engineering leaders recognize. You roll out AI coding tools. Features ship faster. Developers are more productive. Then, a few months in, you realize something unexpected: the engineers you most wanted to free up are busier than ever. They are reviewing PRs, firefighting regressions, juggling a dozen half-shipped features and the edge cases that came with each one. AI made them more efficient. It also made them ten times more busy. The bottleneck did not disappear. It moved. And it moved to exactly the place most teams are least equipped to handle quickly: verification. This is the problem that CI/CD, in its current form, is not set up to solve on its own. CI/CD is a delivery mechanism. It runs what you give it. If you give it a pipeline that still depends on humans to write tests, review logic, and triage failures, adding AI on the generation side just means the human verification step gets hit harder. You are filling a faster funnel into the same narrow dr...

AWS Continuum Service Employs AI to Secure Software Supply Chains

Amazon Web Services (AWS) today launched a service that expands the scope of the artificial intelligence (AI) tools it provides to secure code to include an agent that discovers, validates and prioritizes vulnerabilities that are then used to surface a remediation recommendation. Announced at the AWS New York Summit, the AWS Continuum service also adds a tool to automatically create threat models for codebases. Additionally, AWS is now making it possible to run code reviews, generate threat models, and remediate findings directly from within an integrated development environment (IDE) or command line interface (CLI) by invoking the Model Context Protocol (MCP). Those tools and capabilities will be added to a previously launched AI tool to automate penetration testing using an AWS Security Agent that is now generally available. Chet Kapoor, vice president of security services and observability for AWS, told conference attendees that in the wake of more advanced AI models such as M...

Five Technology Shifts In: Why the Hype Curve Lies in Both Directions

I’ve lived through five major technology shifts: mainframe to Windows in the early ‘90s, internet computing in the late ‘90s and early 2000s, Agile in the mid-2000s, cloud through the 2010s, and now AI. You learn things by surviving that many. You learn that vendors oversell. That leadership wants results yesterday. That the breathless predictions almost never land on the calendar that everyone promised. So you learn to discount the hype. And that reflex, the one thing that five shifts trained into me, is the thing I’d warn other veterans about right now. The hype curve lies in both directions. Everyone knows it inflates expectations early. What we forget is that it deflates them later, right around the time the technology actually starts to matter. The people who got burned chasing the last four shifts are the ones primed to under-react to this one. The engineer who lost a year to a premature cloud migration is the same engineer waving off agentic coding today. Same scar, wron...

GitHub Actions Gets Serious About Self-Hosted Runner Versions

GitHub is resuming enforcement of minimum version requirements for GitHub Actions self-hosted runners — and this time, the deadlines are firm. After a rocky start that included multiple delays and a temporary pause earlier this year, GitHub has published a clear enforcement timeline for both GitHub Enterprise Cloud and GitHub Enterprise Cloud with Data Residency. If your team runs self-hosted runners and hasn’t upgraded them yet, now is the time to act. Why This Is Happening In early 2024, the GitHub Actions team began rearchitecting the backend services that power job execution and runner communication. That foundational rebuild now handles over 120 million jobs per day — more than three times the pre-migration volume — and lets enterprises start seven times more jobs per minute than before. Version enforcement is the final step in completing that migration. Older runner versions that are incompatible with the updated infrastructure can no longer be supported as all runners m...

Checkmarx Adds Hybrid SAST Engine to Improve AppSec in AI Era

Checkmarx this week revealed it has re-engineered the core engines embedded within its static application security testing (SAST) tools for the agentic artificial intelligence (AI) era. At the core of that effort is a next-generation SAST hybrid scanning engine that combines three distinct capabilities within the Checkmarx One platform. An existing deterministic rules-based foundation is now being extended using a purpose-built large language model (LLM) and a Finding Analysis Engine (FAE) that suppresses false positives. Frank Emery, director of product management for Checkmarx, said the SAST tools embedded in the Checkmarx One platform, as a result, now combine existing deterministic results for specific programming languages with the probabilistic insight generated by large language models (LLMs) that have been shown to be effective at discovering vulnerabilities. The challenge is that LLMs tend to generate a lot of false positives, which can now be sharply reduced using the FAE,...

SpaceX to Acquire AI Coding Leader Cursor in $60 Billion Blockbuster Deal

Fresh off a historic initial public offering, SpaceX announced Tuesday that it has entered a definitive agreement to acquire Anysphere Inc., the parent company of the popular artificial intelligence (AI) coding assistant Cursor, in an all-stock transaction valued at $60 billion. The acquisition cements SpaceX’s sudden transformation into an AI powerhouse, following its merger with Elon Musk’s xAI venture in February. The deal is expected to close in the third quarter of 2026, subject to regulatory approvals. Under the agreement, Cursor common and preferred stock will convert into SpaceX Class A common stock. The exchange ratio will be determined by the volume-weighted average closing price of SpaceX stock over the seven trading days prior to closing. Neither SpaceX nor Cursor immediately responded to requests for comment. The transaction materializes an option SpaceX unveiled in April, which gave the aerospace-and-AI giant the choice to either buy the San Francisco-based start...

MiMo Code Is the Open Source Answer to Claude Code

Terminal-based coding assistants for AI-curious developers are hot these days, and the most popular choice appears to be Claude Code. But Anthropic’s commercial offering has a new open source rival: MiMo Code, released under an MIT license by Chinese smartphone giant Xiaomi. Unlike Claude Code, MiMo Code is not restricted to a specific LLM provider. It was also optimized for “long-horizon automated programming tasks,” according to the introductory blog entry. The software aims to “maintain decision quality and state continuity over dozens or even hundreds of execution steps.” The AI community has taken notice of this release. Since its v0.1 release last week, MiMo Code has garnered 9,000 stars on GitHub, and has been forked 783 times. And unlike Claude Code, which costs $20 a month to start, MiMo is free, and may not even require connecting to a cloud provider, if the user installs a model on their own machine. Tackling Long Horizon Memory Retention Large Language Models (...

Tenet’s ‘Agentjacking’ Attack Turns Sentry Errors Into Code Execution

AI coding agents can create a new code execution risk when they treat externally influenced error data as trusted guidance and have access to command line tools, according to new research from Tenet Security. The security company demonstrated an indirect prompt injection technique it calls “Agentjacking” in a recent report. In its proof of concept, an attacker planted malicious instructions inside a fake Sentry error report, causing an AI coding agent to execute an attacker-supplied command during a routine debugging task. The attack began with a Sentry Data Source Name (DSN), a credential commonly embedded in a website’s frontend JavaScript. Sentry treats DSNs as public and write-only because they allow applications to submit events without granting access to the project or its existing data. But an attacker who obtains the DSN can use it to send a false error event to the project’s ingest endpoint and control fields, including the error message, stack trace, tags, context and brea...

New Relic Adds Open Source Tool to Observe AI Coding

New Relic has made available an open source extension to its observability platform for coding tools at no additional cost. Nic Benders, chief technical strategist for New Relic, said the New Relic AI Coding Observability capability will make it simpler for DevOps teams to centrally monitor usage of a diverse range of artificial intelligence (AI) coding tools, including the cost of the tokens consumed, using the same platform they already have to observe IT operations. Regardless of the type of AI coding tool employed, New Relic AI Coding Observability normalizes the data collected, he added. That capability makes it possible for organizations to employ multiple AI coding tools as they best see fit, or swap one out for another as additional advances are made, noted Benders. The arrival of New Relic AI Coding Observability coincides with the sharing of a survey of 200 technology decision makers in the U.S. that finds a full 94% rate code generated by AI as being of a higher qualit...

Respect and Trust as DevOps Engineering Disciplines 

DevOps has always carried a larger purpose than installing tools, automating pipelines, or improving deployment frequency. Those things matter. I have spent much of my career helping organizations make those things work. Yet the deeper purpose of DevOps is to improve the flow of value through a complex socio-technical system. The system includes tools, platforms, pipelines, environments, tests, controls and production operations. It also includes people, leadership behavior, decision rights, accountability, learning, fear, confidence and trust. The technical side is easier to see. A failed build is visible. A broken deployment is visible. A production incident is visible. The human side usually fails more quietly. People stop speaking up. Teams wait for permission. Architects argue in private. Security arrives late. Operations becomes defensive. Leaders ask for more status. Engineers learn which truths are safe to tell and which truths create trouble. The organization continues to r...