Learn how Open Policy Agent (OPA) transformed go/no-go releases from subjective meetings into automated, auditable, policy-driven decisions embedded directly in the CI/CD pipeline.
Author: drweb
Agentic AI is transforming DevOps by embedding autonomous quality checks into CI/CD pipelines, improving code security, coverage and speed.
Full-Stack Engineer
Cursor’s new cloud AI coding agents can build, test, and verify software autonomously using real UI interaction. With 35% of production PRs generated by agents, software delivery is shifting from code authoring to agent orchestration and governance.
Harness today revealed that it will make available a set of open source tools for testing the resiliency of applications that are based on a chaos engineering platform the company gained with the acquisition of LitmusChaos. The Harness Resilience Testing platform extends the scope of the tests provided to include application load and disaster recovery […]
Artificial intelligence has shortened the timeline for software development from months to days. But according to new research, that acceleration is creating significant risks for security and compliance issues. Black Duck’s 2026 Open Source Security and Risk Analysis (OSSRA), based on audits of 947 commercial codebases spanning 17 industries, shows that vulnerabilities inside enterprise applications […]
I wanted to be a race car driver before I knew what a data center was. I started in traffic, not in the cloud. This was not a childhood dream driven by glamour. It was more practical than that. I grew up in India, and I was always late for school. Not entirely my fault. […]
Three critical vulnerabilities found in Anthropic’s Claude Code agentic AI developer tool could be exploited simply by cloning and opening an untrusted project and lead to system takeover, stolen API keys, and credential theft, according to security researchers with Check Point. The security flaws, which Anthropic fixed last year and last month after the researchers […]
Last week I was in Bangalore for a consulting assignment. Before I go any further, let me say that all the names, locations, and company details in this post have been changed. These are real conversations with real people, but I want to protect their privacy, so I have anonymized everything. The feelings, the fears, and the situations are completely real. Only the identifiers have been swapped out. This story is about Who Pays My Bills if AI Takes My Job?So after the session, one of the senior DBAs, let us call him Ramesh, asked me if we could grab…
A malicious package downloaded approximately 50,000 times from a node package manager (npm) is providing an object lesson for adopting more DevSecOps best practices. Security researchers from Tenable discovered a “ambar-src” package that was first published Feb. 13 and then updated again before being discovered. It is aimed at developers building JavaScript applications on Windows, […]