DevOps Pulse

GitHub's AI-powered vulnerability detection expands security coverage with 80% positive developer feedback, while the CAI security framework discovered critical vulnerabilities in Ecoforest heat pumps, demonstrating AI's dual role in creating and solving security problems. Seven critical vulnerabilities in Veeam Backup & Replication (CVSS 9.9) allow authenticated users to execute arbitrary code, enabling ransomware groups to directly target backup infrastructure. GitLab democratizes AI by expanding the Duo Agent Platform to free tier users, while ransomware groups increasingly leverage AI to automate attacks on CI/CD pipelines with 100x faster data exfiltration rates.


DevOps Platform Updates


Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Adds AI-Powered Vulnerability Detection to Code Security

<cite index='3-1,3-5,3-6'>GitHub is introducing AI-powered security detections to expand application security coverage across more languages and frameworks, complementing CodeQL by surfacing potential vulnerabilities in areas difficult to support with traditional static analysis.</cite> <cite index='3-8,3-17'>The hybrid detection model processed over 170,000 findings in testing with 80% positive developer feedback.</cite>

GitHub Blog · 23 Mar

AI Security Framework CAI Discovers Critical Vulnerabilities

<cite index='7-13,7-14'>CAI (Cybersecurity AI) discovered critical vulnerabilities in Ecoforest heat pumps allowing unauthorized remote access and potential catastrophic failures, revealing exposed credentials and DES encryption weaknesses.</cite> <cite index='7-8,7-9'>CAI is a lightweight, open-source framework for AI-powered security automation already used by thousands of users and hundreds of organizations.</cite>

GitHub Repository · 2 Apr (new)

GitLab 18.10 Expands AI Agent Platform to Free Tier

<cite index='14-2,14-3'>Organizations on the GitLab.com free tier can now access the GitLab Duo Agent Platform through a GitLab Credits commitment, with agentic code reviews at a flat $0.25 per review.</cite> <cite index='14-4,14-11'>Agentic false positive detection for security scanning is now generally available, using AI to automatically score and explain security findings.</cite>

GitLab Investor Relations · 19 Mar

Atlassian Patches High-Severity Confluence Command Injection Flaw

<cite index='32-4,32-5'>CVE-2025-64756 is a high-severity OS Command Injection vulnerability in Confluence Data Center and Server that allows authenticated attackers to gain access and execute arbitrary commands.</cite> <cite index='32-6'>Fixed versions include Jira Data Center 11.3.3 (LTS) and 10.3.18 (LTS), with firewall rules recommended as temporary mitigation.</cite>

UC Berkeley Information Security Office · 18 Mar

Azure DevOps Temporarily Rolls Back Advanced Security API Restrictions

<cite index='23-4,23-5,23-6'>Azure DevOps restricted API access for build service identities as a security improvement but is temporarily rolling it back due to customer impact on existing automations.</cite> <cite index='23-7,23-18'>The restriction will be re-enforced on April 15, 2026, with service principals recommended for Advanced Security API access.</cite>

Azure DevOps Blog · 30 Mar

AI-Powered Security Testing Agents Show High Vulnerability Discovery Rate

<cite index='9-1,9-4,9-6'>GitHub Security Lab Taskflow Agent is effective at finding Auth Bypasses, IDORs, and Token Leaks in open source projects, with uniformly high severity vulnerabilities reported.</cite> <cite index='9-10,9-15'>The taskflows uncovered authorization logic bugs in multiple ecommerce applications that had been undiscovered for years.</cite>

GitHub Blog · 12 Mar