DevOps Platform Updates
scanned 59d ago6Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
Microsoft Agent 365 Runtime Protection for AI Security
Microsoft announced Agent 365 Runtime Protection on April 30, 2026, introducing real-time monitoring for AI agents across Microsoft Copilot platform. The service analyzes agent behavior, flags suspicious operations, and can automatically revoke permissions. Features advanced AI-code scanning in GitHub Advanced Security and AI Data Security Investigations in Microsoft Purview.
Critical GitHub CVE-2026-3854 RCE Vulnerability via Git Push
Researchers disclosed CVE-2026-3854 (CVSS 8.7), allowing authenticated users to achieve remote code execution on GitHub servers with a single git push command. The vulnerability affects both GitHub.com and Enterprise Server, potentially exposing millions of repositories. Fixed on GitHub.com March 4, but 88% of Enterprise instances remain vulnerable.
Spin.AI Acquires Revyz for Atlassian Data Protection
Spin.AI announced acquisition of Revyz on April 28, 2026, to extend data resiliency and security posture management to Atlassian ecosystem. The combined platform provides automated backup, ransomware protection, and configuration management for Jira and Confluence, addressing enterprise consolidation needs with unified governance across cloud environments.
Azure DevOps CVE-2026-23658 Privilege Escalation Vulnerability
Microsoft disclosed CVE-2026-23658, a high-severity elevation-of-privilege vulnerability in Azure DevOps Server on March 19, 2026. The vulnerability allows authenticated attackers to escalate privileges within on-premises deployments, potentially compromising development assets. Security updates available across all supported versions requiring immediate patching.
Atlassian AI Data Collection Policy Takes Effect August 2026
Atlassian will begin using customer data from Jira and Confluence to train AI models starting August 17, 2026. Free and Standard customers cannot opt out of metadata collection, while Enterprise users retain full opt-out capabilities. The policy affects 300,000 organizations with data potentially flowing to OpenAI for seven-year retention periods.
DevOps Platform Incidents Rose 21% with 9,255 Hours Downtime
GitProtect's 2026 report reveals DevOps incidents increased 21% to 607 cases in 2025, with total disruption time nearly doubling to 9,255 hours. Critical incidents rose 69% year-over-year. GitHub, GitLab, Bitbucket, and Jira all experienced significant outages, with June being the most volatile month recording 21 incidents across platforms.