Author: drweb
Appknox today added an ability to apply artificial intelligence (AI) to assess vulnerabilities in the binaries used to construct a mobile application and recommend a fix that can be passed on to an AI coding tool to implement. Company CEO Harshit Agarwal said KnoxIQ provides an AI copilot to more accurately assess how exploitable a vulnerability within a mobile application is versus relying on a generic Common Vulnerabilities and Exposures (CVE) score. Once assessed, it then becomes possible to recommend the best way to remediate that vulnerability using whichever AI coding tool a software engineering team has adopted. The key difference…
Like other AI model vendors, Anthropic relies on guardrails to ensure that its Claude family of models can’t be abused by bad actors to bypass those security protections and take actions that go against them. However, researchers with LayerX found that the protections for Claude Code, Anthropic’s popular coding tool used by more than 115,000 developers, can easily be hacked, turning it “from a ‘vibe’ coding tool into a nation-state-level offensive hacking tool that can be used to hack websites, launch cyberattacks, and research new vulnerabilities,” Roy Paz, principal security researcher for the AI and browser security company, wrote in…
Working in DevOps, I’ve seen FinOps do amazing things for cloud cost control, but I’ve also watched teams stumble during adoption. FinOps sounds simple in theory: collaborate, track costs, optimise continuously. In reality, organisations run into the same roadblocks again and again. The good news? Most of them are predictable and fixable, once you know what to look for. Here are some of the most common FinOps pitfalls I’ve run into, plus the practical ways I’ve learned to navigate them.
Lack of Cost Visibility
Pitfall: One of the biggest issues is the lack of real-time visibility into cloud costs. Many teams spin…
Various security issues do not appear during builds or staging tests. They emerge after deployment, when production traffic begins exercising real permissions, integrations and system states. Runtime risk refers to security exposure caused by configuration, identity or infrastructure changes after deployment. Teams adopt DevSecOps to shift security controls earlier in delivery while maintaining deployment velocity. Runtime risk emerges when deployed configurations, identities and infrastructure drift from what pipelines validated during testing. Even mature best practices and modern DevSecOps tools fall short when third-party dependencies, compliance demands and real production behavior collide. These factors bypass build-time controls by introducing permissions, behaviors and constraints not evaluated during testing. Production incidents consistently expose gaps that build-time controls cannot detect once systems face real traffic, state and…
Mar 31, 2026
Docker Sandboxes: Run Agents in YOLO Mode, Safely
Agents have crossed a threshold. Over a quarter of all production code is now AI-authored, and developers who use agents are merging roughly 60% more pull requests. But these gains only come when you let agents run autonomously. And to unlock that, you have to get out of the way. That means letting agents run…
Eric Jia, Srini Sekaran, and Timir Karia
Planning a complex code change is hard enough. Reviewing it in a terminal window shouldn’t make it harder. Anthropic is addressing that friction with a new capability called Ultraplan, currently in research preview as part of Claude Code. The feature moves the planning phase of a coding task from your local terminal to the cloud — and gives developers a richer environment to review, revise, and approve a plan before a single line of code changes. It’s a small workflow shift with real practical value, especially for teams working on large-scale migrations, service refactoring, or anything that requires careful coordination…
Jules was just the beginning. Google’s internally referenced “Jitro” project signals a bigger shift — from task execution to outcome-driven development. Most AI coding agents work the same way. A developer spots a problem, writes a prompt, and watches the agent execute. It’s fast. It’s useful. But it still puts the developer in the driver’s seat for every single decision. Google appears to be rethinking that model entirely. The company is reportedly building the next generation of Jules, its autonomous coding agent, under an internal project name: Jitro. While the current Jules experiment has seen little visible progress in recent…
Apica today updated its Ascent platform to add support for synthetic data that is increasingly being used by artificial intelligence (AI) agents to observe application environments. Version 2.16 of the platform adds support for a set of real user monitoring (RUM) and service level objective (SLO) dashboards, an ability to correlate changes made to any given rule to the cost of processing telemetry data, and additional performance enhancements. Andi Mann, chief product technology officer for Apica, said collectively these updates will make it more feasible for DevOps teams to feed telemetry data at scale into observability platforms in a way…
Most database monitoring tools are built for the wrong audience. The dashboards are designed to reassure managers, the alerts are calibrated to satisfy compliance checklists, and the reports are formatted for quarterly reviews. None of that is useful at 10 PM when an application is returning timeouts and the on-call developer is asking for an update every three minutes. What a DBA needs in that moment is a tool that already has the context. Not raw data that needs to be assembled under pressure. Not a list of thresholds that were crossed. The actual context: what was running, what was waiting,…
