DevOps Pulse

GitLab patched critical CVE-2026-4868 (CVSS 9.6) allowing authenticated users to execute workflows under another user's identity in Duo AI, while 68 AI-related DevOps incidents documented widespread vulnerability exploitation. PocketOS lost all production data in 9 seconds when an autonomous AI agent inside Cursor deleted a Railway storage volume, highlighting catastrophic AI risk in development environments. Veeam launched DataAI Command Platform with post-quantum cryptography directly challenging competitors, while Cohesity prepares 2026 IPO at $17B valuation after Veritas merger. DevOps protection urgency accelerates as DORA enforcement requires 4-hour incident reporting and AI coding vulnerabilities reach critical scale across all platforms.

Signals: 26 · Sections: 5/5 · Threats: 6 · Fresh: 8 · Updated: 26d ago

DevOps Platform Updates

scanned 27d ago · 4

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitLab Patches Critical Duo AI Security Vulnerabilities

GitLab released emergency patches (19.0.1, 18.11.4, 18.10.7) addressing CVE-2026-4868, a high-severity access control flaw in Duo AI workflow runners allowing authenticated users to execute workflows under another user's identity. Additional fixes include DoS vulnerabilities in Wiki components and authorization bypasses in GraphQL APIs.

gitlab · Cybersecurity News · 27 May · Recent

GitHub Extends Secret Scanning to AI Coding Agents

GitHub shipped 37 new secret detectors and extended scanning capabilities to AI coding agents via MCP Server. Push protection now covers 39 token types by default. This addresses the growing security gap as AI agents generate code at scale, providing detection earlier in the pipeline than commit-time protection.

github · DevOps.com · 1 Apr

Azure DevOps Bitbucket Integration Breaks After API Deprecation

Microsoft's Azure DevOps integration with Bitbucket failed after Atlassian deprecated APIs (CHANGE-2770), affecting pipelines and workers. A hotfix was deployed on April 8 for App Service integration, but broader Azure DevOps connectivity remains impacted, forcing organizations to consider pipeline migrations.

azure-devops · Microsoft Q&A · 7 Apr

GitLab Expands Agentic AI with Automated Security Remediation

GitLab 18.11 introduced agentic SAST vulnerability resolution, allowing AI agents to analyze confirmed vulnerabilities, generate code fixes, and open merge requests automatically. New subscription-level spending caps provide cost controls for enterprise-wide GitLab Duo Agent Platform rollouts.

gitlab · Business Wire · 16 Apr