DevOps Pulse

GitHub AI agents are generating 275 million commits

weekly while suffering critical prompt injection vulnerabilities that let attackers hijack agents via comments. GitProtect launched GitHub Enterprise Cloud Data Residency backup support targeting Veeam's regulated customers while Commvault entered DevOps backup with GitHub, GitLab, and Azure support. Supply chain attacks compromised Trivy and KICS vulnerability scanners, creating a paradox where security detection tools became attack vectors.

Signals
34
Sections
5/5
Threats
9
Fresh
16
Updated
68d ago
Show

DevOps Platform Updates

scanned 69d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Agentic Workflows Security Hardening

GitHub released security improvements for AI workflows including pre-agent steps sanitization, which closes supply-chain attack vectors by scanning and cleaning working trees of malicious executables. The update also moves MCP configuration to .github/mcp.json for better security alignment. These changes address real security concerns as AI agents increasingly handle DevOps automation.

githubGitHub Agentic Workflows Blog·20 AprRecent

Microsoft Security Exposure Management Release

Microsoft launched Secure Now, a new Security Exposure Management blade that combines guidance with actionable controls across Azure environments. The platform includes GitHub Advanced Security with CodeQL and Copilot Autofix for code vulnerabilities. A new multi-model AI-driven scanning solution is expected in preview by June 2026, targeting enterprise security at scale.

azure-devopsMicrosoft Security Blog·22 AprNEW

GitLab Code Review Flow Agent Platform

GitLab released the agentic Code Review Flow as part of GitLab Duo Agent Platform, providing enhanced contextual understanding of repository structure and cross-file dependencies. The platform analyzes code changes, merge request comments, and linked issues to deliver detailed review comments with actionable feedback. This represents a shift toward AI-driven code security and quality assurance.

gitlabGitLab Release Notes·22 AprNEW

Atlassian Security Bulletin Critical Vulnerabilities

Atlassian published a security bulletin addressing 31 high-severity and 7 critical-severity third-party vulnerabilities across Jira, Confluence, and other products. The bulletin emphasizes immediate patching to latest versions. This follows previous exploitation of Confluence vulnerabilities for cryptocurrency mining and ransomware deployment, highlighting ongoing risks in DevOps collaboration platforms.

confluenceAtlassian Security·21 AprRecent

GitHub AI Agent Traffic Surge Strains Platform

GitHub faces unprecedented load from AI agents generating 275 million commits weekly, with pull requests from agents surging 4x from 17 million in March 2026. The platform is considering agent-specific rate limits and dedicated AI Agent pricing plans as autonomous agents hammer APIs and Actions at machine speed, potentially disrupting traditional DevOps workflows.

githubQuasa·20 AprRecent

Azure DevOps Server April Security Patches

Microsoft released April patches for Azure DevOps Server addressing critical issues including null reference exceptions in pull request completion, malicious redirect prevention during sign-out, and PAT connection fixes for GitHub Enterprise Server. Visual Studio 2026 pipeline task support remains pending for Q3 2026, creating compatibility gaps for modern development workflows.

azure-devopsAzure DevOps Blog·16 AprRecent

AWS DevOps and Security Agents GA Release

AWS announced general availability of DevOps Agent and Security Agent, part of their frontier agents strategy for autonomous operations. DevOps Agent helps investigate incidents and reduce MTTR by up to 75%, while Security Agent provides continuous, context-aware penetration testing. These agents operate autonomously across multiple steps until completion, representing a shift toward AI-driven security operations.

githubAWS Blog·6 Apr