DevOps Pulse

AI prompt injection vulnerabilities hit Claude

Gemini CLI, and GitHub Copilot agents with attackers stealing API keys through malicious pull request titles, exposing critical gaps in AI-powered DevOps security. GitProtect launched first-to-market GitHub Enterprise Cloud Data Residency support with AES-GCM encryption, directly targeting Veeam's regulated industry customers. DevOps backup failures reached 43% with 96% of ransomware attacks now targeting backup repositories first, while supply chain attacks compromised trusted security tools including Trivy scanner. The PM team should accelerate AI-aware security features and GitHub Enterprise Cloud roadmap to counter GitProtect's competitive advantage.

Signals
30
Sections
5/5
Threats
10
Fresh
16
Updated
71d ago
Show

DevOps Platform Updates

scanned 72d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Secret Scanning AI Enhancement and Enterprise APIs

GitHub released major updates to secret scanning including AI-detected secrets in scan history API, enterprise-level dismissal request endpoints, and expanded push protection defaults. The updates strengthen GitHub's continued investment in developer security experience and provide better enterprise control over secret detection workflows.

githubGitHub Blog·14 AprRecent

AI Agent Prompt Injection Vulnerabilities in Major Platforms

Security researchers discovered prompt injection attacks affecting Anthropic's Claude, Google's Gemini CLI, and Microsoft's GitHub Copilot AI agents. The attacks could steal API keys and access tokens through malicious pull request titles, highlighting critical security gaps in AI-powered DevOps tools.

githubThe Register·15 AprNEW

GitHub Secure Code Game Season 4 Launches AI Agent Security Training

GitHub released Season 4 of its Secure Code Game focusing on agentic AI vulnerabilities. The game teaches developers to identify and exploit real-world security flaws in AI coding assistants, addressing the growing security concerns as AI agents move from research to production environments.

githubGitHub Blog·15 AprNEW

GitLab 18.11 Released with Vulnerability Resolution and AI Agents

GitLab released version 18.11 featuring vulnerability resolution on GitLab Duo Agent Platform, automated remediation capabilities, and new foundational agents. The release enhances security workflows and strengthens GitLab's AI-powered development assistance platform.

gitlabGitLab Releases·16 AprRecent

GitLab Critical Security Patches Address High-Severity CVE-2026-5173

GitLab released critical security updates addressing 12 vulnerabilities including CVE-2026-5173 (CVSS 8.5), a websocket access control flaw allowing authenticated attackers to invoke unintended server-side methods. Immediate upgrade recommended for all self-managed installations.

gitlabGitLab Releases·8 AprRecent

Azure DevOps Server April Security Patches Released

Microsoft released patches for Azure DevOps Server addressing pull request completion failures, malicious redirect prevention, and GitHub Enterprise Server PAT connection fixes. The patches improve validation during sign out to prevent security vulnerabilities.

azure-devopsMicrosoft DevBlogs·15 AprNEW

GitHub Actions 2026 Security Roadmap: Secure-by-Default Platform

GitHub announced its 2026 roadmap for Actions security featuring centralized policy controls, deterministic dependency locking, and secure-by-default automation. The updates address supply chain attacks and aim to make CI/CD security easier without requiring workflow rebuilds.

githubGitHub Blog·31 Mar