InfoWorld

Enterprises everywhere have been urging employees to adopt AI, with internal leaderboards springing up to show who has used the most AI tokens. Such games can backfire, though, as Amazon recently discovered. Kirorank, an unofficial leaderboard tracking usage of Amazon’s Kiro AI tool, ranked workers according to their AI activity, but senior managers at Amazon found that employees were creating AI…

The rapid uptake of agentic AI has exposed a range of issues with our non-deterministic helpers. That’s mainly because AI agents are not people and don’t behave like people, even though they generally use the same APIs as humans. For one thing, they make many more queries than a human would, as they build the necessary context to deliver a response. Anecdotal data from companies that have worked …

As AI agents become more numerous and more communicative, keeping track of where to find them is becoming increasingly important. Numerous proprietary agent registries are on the market, but the Linux Foundation suggests we simply extend the distributed, open Domain Name System (DNS) infrastructure we already have. The foundation is now inviting contributions to the DNS-AID project, a standard wa…

Researchers in Switzerland claim to have built a perfect random number generator from two quantum superconducting chips, a 30-meter-long pipe, and some software. The resulting device could be used to generate cryptographic keys, or to offer a “public randomness service” for lotteries or blockchain applications, they say. They’re not the first to make the claim . Many sources of randomness are bia…

Over the past decade and a half, cloud computing has become a foundational technology. It started as a way to rent servers but has evolved into a complex ecosystem that supports everything from basic infrastructure shifts to transformative AI initiatives. Having advised enterprises on thousands of cloud projects over the years, I have seen that most projects fall into a handful of categories. I c…

Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be an endless battle for security teams. IBM and Red Hat are betting that a new initiative, Project Lightwell , can help accelerate this proc…

A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues in using self-hosted code platforms from small maintainers. The hole is a critical argument injection vulnerability, discovered by a researcher at Rapid7, that allows any authenti…

According to Sonar’s State of Code Developer Survey report for 2026 , based on a survey of over 1,100 developers, 42% of committed code is now AI-assisted, and roughly 29% of it gets merged without manual review. Not “light review.” No review at all. The industry’s response has been predictable: more guardrails. Static analysis. Token linting. Visual regression testing. Accessibility audits. Secu…

Taking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The GlassWorm campaign disruption comes at a moment when attackers can quickly reconstitute, and defenders are increasingly grappling with a new challenge: distinguishing real threats from automated noise. “I think coordinated actions, like GlassWorm, can sever control…

For years, software developers on H-1B visas benefited from steady demand among US technology employers. That market is becoming more selective as companies redirect spending toward AI and rely more heavily on coding assistants. Recent layoffs at companies including Meta and Amazon have added to the uncertainty, with engineering and software roles affected even as major technology companies conti…

Snowflake said it plans to acquire US-based startup Natoma to boost governance, security, and connectivity for AI agents operating across heterogeneous enterprise environments, amid growing efforts by organizations to move agentic AI workflows from pilots into production. The cloud data platform provider is betting that enterprises will increasingly require centralized governance, identity contro…

A single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, the open-source Python framework that powers FastAPI, researchers said. The flaw, tracked as CVE-2026-48710 could allow attackers to bypass host-validation protections using malformed Host headers, according to an advisory from cybersecurity f…

I don’t even know what a software engineer is supposed to be doing anymore. Do we code? Do we architect systems? AI agents have changed everything, and I don’t even know what to think. I don’t write much code anymore. In my day job, I ask Claude to do most of the analysis, planning, and coding. My side projects are 100% written by Claude Code , and in some of these, I literally haven’t even revie…

With the rise of agentic AI , developers need secure but also lightweight solutions for running their agents. The agent should be able to do all the things a human developer could do with containers — build them, install software into them, and modify files they have access to — but in a way that protects the host system from the agent doing something destructive . Docker offers several different…

AI agents look brilliant in a demo because demos are friendly worlds. The data is curated, the tools behave, and nothing important changes while the agent is in mid-thought. Production is the opposite: data arrives late, facts conflict, permissions bite, APIs time out, and the underlying state changes constantly. That gap is why early “agents in production” often get scoped down to something safe…