Last month, one of our autonomous coding agents (not a copilot suggesting inline completions, but a system that reads a ticket, plans a multi-file implementation and opens a PR without a human touching the keyboard) analyzed a ticket, touched 37 files, updated two database migrations and opened a PR in 11 minutes flat. The diff looked clean. Tests passed. The reviewer approved it. We found the problem at 2:47 a.m. on a Thursday, three days later, during an unrelated log audit. One of our SREs was tailing canary logs trying to trace an intermittent 401, and there it was: A staging…
Author: drweb
Continuous software delivery in the digital age depends on CI/CD pipelines, which enable engineering teams to rapidly develop, test, and deploy code while maintaining high usability and consistency across environments. However, CI/CD pipelines — when systems start small and become complex — can themselves become a source of friction. Pipelines set up to work for small projects have difficulty scaling with ever more repositories, larger test suites and larger development teams. Slow feedback cycles, increased infrastructure costs and decreased developer productivity are some by-products of bad pipeline design. Here are 10 CI/CD pipeline mistakes that you’ll often come across as part…
Most Node.js teams rely on CI pipelines to tell them whether their dependencies are secure. By the time that feedback arrives, however, the most important decisions have already been made. A developer installs a package, writes code, commits changes and pushes to a repository. Only then does the pipeline run, a scanner execute and a report appear. At that point, the issue is no longer discovery; it is remediation under time pressure. This is the core problem. CI-based security workflows are fundamentally delayed. From Feedback to Friction: In theory, CI pipelines provide a consistent and automated way to validate security. In practice, they introduce…
Modernization used to mean something simpler: Move the workloads, update the tooling, declare the project done. In practice, that approach meant engineers manually migrating hundreds of DataStage jobs one at a time — a process that was slow, error-prone and impossible to scale as platforms grew. The traditional model worked when volumes were low. It broke entirely when weekly release windows started carrying 500 jobs and the only way through was brute-force manual effort. What changed the equation was not just cloud infrastructure, but a fundamentally different operating model. When a CI/CD-based promotion mechanism replaces manual steps — reducing what once…
The FM life cycle is just the SDLC with more math and less mercy at 3 a.m. You have survived canary deployments that took out 40% of prod instead of 5%. You have been paged because someone merged a config change on a Friday. You know exactly what it feels like when your monitoring tells you everything is fine, right up until the moment customers start tweeting. Now your organization has a foundation model (FM) in production, and I promise you: The on-call playbook you have built over a decade does not cover what happens when your model starts confidently answering customer…
AI coding assistants have made it trivially easy to ship software faster — and that is precisely the problem. Human developers used to absorb the gaps in a vague spec by asking questions, reading between the lines and quietly steering toward something useful. AI tools do not work that way. They take incomplete requirements at face value and build them literally, which means small ambiguities at the front of the process compound into expensive mistakes at the back. The result is shops moving at AI speed in directions they never meant to go. Jeff Keyes, Field CTO at Allstacks and a…
Key Takeaways: Vishing is the new frontline threat: Attackers are shifting from emails to phone-based scams, using AI and social engineering to bypass traditional security controls. DevSecOps must expand its scope: Securing code is no longer enough; communication channels like voice, chat, and messaging must be integrated into threat models and security pipelines. Human and technical defenses must work together: Strong architecture (encryption, authentication, Zero Trust) combined with employee awareness and verification practices is key to stopping modern social engineering attacks. As cybercriminals shift from email to phone lines, security professionals need to expand their scope. As a result, voice phishing or “vishing”, which…
How many programming languages do you know? If you have even the most rudimentary experience with this sector, then your answer will probably include Python in some way or form. Python remains one of the most popular programming languages in the world, and for good reason. Its syntax is beginner-friendly, its ecosystem is massive, and you can use it for anything, including web applications and data science workflows. Very few other languages can boast of the same versatility, so it’s clear why programmers use it and why so many newbies choose to study it. If you’re among them, you’re in…
May 12, 2026. Docker AI Governance: Unlock Agent Autonomy, Safely. Introducing Docker AI Governance: centralized control over how agents execute, what they can reach on the network, which credentials they can use, and which MCP tools they can call, so every developer in your company can run AI agents safely, wherever they work. Your laptop is the new prod: Agents are the biggest productivity unlock…
The traditional shape of CI/CD assumed humans worked in the inner loop and pipelines policed the outer one. AI coding agents are tearing that geometry apart. When code can be generated in seconds, waiting until a pull request to run validation, tests, code review and standards checks turns the outer loop into a backlog of preventable rework. The pipeline itself becomes the bottleneck — and the bottleneck shows up not just as time lost but as wasted tokens, half-finished features and engineering controls that fall behind the rate of change. Rob Zuber, CTO of CircleCI, joined Mike Vizard to lay out…
