[{"data":1,"prerenderedAt":1032},["ShallowReactive",2],{"/en-us/the-source":3,"footer-en-us":36,"the-source-banner-en-us":381,"the-source-navigation-en-us":393,"the-source-newsletter-en-us":421,"footer-source-/en-us/the-source/":432,"featured-article-en-us":446,"the-source-ai-landing-category-en-us":487,"the-source-security-landing-category-en-us":511,"the-source-platform-landing-category-en-us":532,"authors-en-us":553,"categories-en-us":591,"hero-most-recent-articles-en-us":592,"security-landing-most-recent-articles-en-us":706,"platform-landing-most-recent-articles-en-us":778,"ai-landing-most-recent-articles-en-us":865,"the-source-security-landing-resources-en-us":916,"the-source-platform-landing-resources-en-us":958,"the-source-ai-landing-resources-en-us":995},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":10,"content":13,"_id":30,"_type":31,"title":7,"_source":32,"_file":33,"_stem":34,"_extension":35},"/en-us/the-source","en-us",false,"",{"layout":9},"the-source",{"title":11,"description":12},"The Source: Insights for the future of software development","Your decision-making partner for transformative strategies and expert technology advice.",[14,16,21,26],{"componentName":15},"TheSourceLandingHero",{"componentName":17,"componentContent":18},"TheSourceLandingCategory",{"config":19},{"category":20},"ai",{"componentName":17,"componentContent":22},{"config":23},{"category":24,"theme":25},"security","surface",{"componentName":17,"componentContent":27},{"config":28},{"category":29},"platform","content:en-us:the-source:index.yml","yaml","content","en-us/the-source/index.yml","en-us/the-source/index","yml",{"_path":37,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"data":38,"_id":377,"_type":31,"title":378,"_source":32,"_file":379,"_stem":380,"_extension":35},"/shared/en-us/main-footer",{"text":39,"source":40,"edit":46,"contribute":51,"config":56,"items":61,"minimal":366},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":41,"config":42},"View page source",{"href":43,"dataGaName":44,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":47,"config":48},"Edit this page",{"href":49,"dataGaName":50,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":52,"config":53},"Please contribute",{"href":54,"dataGaName":55,"dataGaLocation":45},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":57,"facebook":58,"youtube":59,"linkedin":60},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[62,120,177,236,304],{"title":63,"links":64,"subMenu":80},"Pricing",[65,70,75],{"text":66,"config":67},"View plans",{"href":68,"dataGaName":69,"dataGaLocation":45},"/pricing/","view plans",{"text":71,"config":72},"Why Premium?",{"href":73,"dataGaName":74,"dataGaLocation":45},"/pricing/premium/","why premium",{"text":76,"config":77},"Why Ultimate?",{"href":78,"dataGaName":79,"dataGaLocation":45},"/pricing/ultimate/","why ultimate",[81],{"title":82,"links":83},"Contact Us",[84,89,94,99,104,109,114],{"text":85,"config":86},"Contact sales",{"href":87,"dataGaName":88,"dataGaLocation":45},"/sales/","sales",{"text":90,"config":91},"Support portal",{"href":92,"dataGaName":93,"dataGaLocation":45},"https://support.gitlab.com","support portal",{"text":95,"config":96},"Customer portal",{"href":97,"dataGaName":98,"dataGaLocation":45},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":100,"config":101},"Status",{"href":102,"dataGaName":103,"dataGaLocation":45},"https://status.gitlab.com/","status",{"text":105,"config":106},"Terms of use",{"href":107,"dataGaName":108,"dataGaLocation":45},"/terms/","terms of use",{"text":110,"config":111},"Privacy statement",{"href":112,"dataGaName":113,"dataGaLocation":45},"/privacy/","privacy statement",{"text":115,"config":116},"Cookie preferences",{"dataGaName":117,"dataGaLocation":45,"id":118,"isOneTrustButton":119},"cookie preferences","ot-sdk-btn",true,{"title":121,"links":122,"subMenu":133},"Product",[123,128],{"text":124,"config":125},"DevSecOps platform",{"href":126,"dataGaName":127,"dataGaLocation":45},"/platform/","devsecops platform",{"text":129,"config":130},"AI-Assisted Development",{"href":131,"dataGaName":132,"dataGaLocation":45},"/gitlab-duo/","ai-assisted development",[134],{"title":135,"links":136},"Topics",[137,142,147,152,157,162,167,172],{"text":138,"config":139},"CICD",{"href":140,"dataGaName":141,"dataGaLocation":45},"/topics/ci-cd/","cicd",{"text":143,"config":144},"GitOps",{"href":145,"dataGaName":146,"dataGaLocation":45},"/topics/gitops/","gitops",{"text":148,"config":149},"DevOps",{"href":150,"dataGaName":151,"dataGaLocation":45},"/topics/devops/","devops",{"text":153,"config":154},"Version Control",{"href":155,"dataGaName":156,"dataGaLocation":45},"/topics/version-control/","version control",{"text":158,"config":159},"DevSecOps",{"href":160,"dataGaName":161,"dataGaLocation":45},"/topics/devsecops/","devsecops",{"text":163,"config":164},"Cloud Native",{"href":165,"dataGaName":166,"dataGaLocation":45},"/topics/cloud-native/","cloud native",{"text":168,"config":169},"AI for Coding",{"href":170,"dataGaName":171,"dataGaLocation":45},"/topics/devops/ai-for-coding/","ai for coding",{"text":173,"config":174},"Agentic AI",{"href":175,"dataGaName":176,"dataGaLocation":45},"/topics/agentic-ai/","agentic ai",{"title":178,"links":179},"Solutions",[180,184,189,194,199,203,208,211,216,221,226,231],{"text":181,"config":182},"Application Security Testing",{"href":183,"dataGaName":181,"dataGaLocation":45},"/solutions/application-security-testing/",{"text":185,"config":186},"Automated software delivery",{"href":187,"dataGaName":188,"dataGaLocation":45},"/solutions/delivery-automation/","automated software delivery",{"text":190,"config":191},"Agile development",{"href":192,"dataGaName":193,"dataGaLocation":45},"/solutions/agile-delivery/","agile delivery",{"text":195,"config":196},"SCM",{"href":197,"dataGaName":198,"dataGaLocation":45},"/solutions/source-code-management/","source code management",{"text":138,"config":200},{"href":201,"dataGaName":202,"dataGaLocation":45},"/solutions/continuous-integration/","continuous integration & delivery",{"text":204,"config":205},"Value stream management",{"href":206,"dataGaName":207,"dataGaLocation":45},"/solutions/value-stream-management/","value stream management",{"text":143,"config":209},{"href":210,"dataGaName":146,"dataGaLocation":45},"/solutions/gitops/",{"text":212,"config":213},"Enterprise",{"href":214,"dataGaName":215,"dataGaLocation":45},"/enterprise/","enterprise",{"text":217,"config":218},"Small business",{"href":219,"dataGaName":220,"dataGaLocation":45},"/small-business/","small business",{"text":222,"config":223},"Public sector",{"href":224,"dataGaName":225,"dataGaLocation":45},"/solutions/public-sector/","public sector",{"text":227,"config":228},"Education",{"href":229,"dataGaName":230,"dataGaLocation":45},"/solutions/education/","education",{"text":232,"config":233},"Financial services",{"href":234,"dataGaName":235,"dataGaLocation":45},"/solutions/finance/","financial services",{"title":237,"links":238},"Resources",[239,244,249,254,259,264,269,274,279,284,289,294,299],{"text":240,"config":241},"Install",{"href":242,"dataGaName":243,"dataGaLocation":45},"/install/","install",{"text":245,"config":246},"Quick start guides",{"href":247,"dataGaName":248,"dataGaLocation":45},"/get-started/","quick setup checklists",{"text":250,"config":251},"Learn",{"href":252,"dataGaName":253,"dataGaLocation":45},"https://university.gitlab.com/","learn",{"text":255,"config":256},"Product documentation",{"href":257,"dataGaName":258,"dataGaLocation":45},"https://docs.gitlab.com/","docs",{"text":260,"config":261},"Blog",{"href":262,"dataGaName":263,"dataGaLocation":45},"/blog/","blog",{"text":265,"config":266},"Customer success stories",{"href":267,"dataGaName":268,"dataGaLocation":45},"/customers/","customer success stories",{"text":270,"config":271},"Remote",{"href":272,"dataGaName":273,"dataGaLocation":45},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":275,"config":276},"GitLab Services",{"href":277,"dataGaName":278,"dataGaLocation":45},"/services/","services",{"text":280,"config":281},"TeamOps",{"href":282,"dataGaName":283,"dataGaLocation":45},"/teamops/","teamops",{"text":285,"config":286},"Community",{"href":287,"dataGaName":288,"dataGaLocation":45},"/community/","community",{"text":290,"config":291},"Forum",{"href":292,"dataGaName":293,"dataGaLocation":45},"https://forum.gitlab.com/","forum",{"text":295,"config":296},"Events",{"href":297,"dataGaName":298,"dataGaLocation":45},"/events/","events",{"text":300,"config":301},"Partners",{"href":302,"dataGaName":303,"dataGaLocation":45},"/partners/","partners",{"title":305,"links":306},"Company",[307,312,317,322,327,332,337,341,346,351,356,361],{"text":308,"config":309},"About",{"href":310,"dataGaName":311,"dataGaLocation":45},"/company/","company",{"text":313,"config":314},"Jobs",{"href":315,"dataGaName":316,"dataGaLocation":45},"/jobs/","jobs",{"text":318,"config":319},"Leadership",{"href":320,"dataGaName":321,"dataGaLocation":45},"/company/team/e-group/","leadership",{"text":323,"config":324},"Team",{"href":325,"dataGaName":326,"dataGaLocation":45},"/company/team/","team",{"text":328,"config":329},"Handbook",{"href":330,"dataGaName":331,"dataGaLocation":45},"https://handbook.gitlab.com/","handbook",{"text":333,"config":334},"Investor relations",{"href":335,"dataGaName":336,"dataGaLocation":45},"https://ir.gitlab.com/","investor relations",{"text":338,"config":339},"Sustainability",{"href":340,"dataGaName":338,"dataGaLocation":45},"/sustainability/",{"text":342,"config":343},"Diversity, inclusion and belonging (DIB)",{"href":344,"dataGaName":345,"dataGaLocation":45},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":347,"config":348},"Trust Center",{"href":349,"dataGaName":350,"dataGaLocation":45},"/security/","trust center",{"text":352,"config":353},"Newsletter",{"href":354,"dataGaName":355,"dataGaLocation":45},"/company/contact/","newsletter",{"text":357,"config":358},"Press",{"href":359,"dataGaName":360,"dataGaLocation":45},"/press/","press",{"text":362,"config":363},"Modern Slavery Transparency Statement",{"href":364,"dataGaName":365,"dataGaLocation":45},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":367},[368,371,374],{"text":369,"config":370},"Terms",{"href":107,"dataGaName":108,"dataGaLocation":45},{"text":372,"config":373},"Cookies",{"dataGaName":117,"dataGaLocation":45,"id":118,"isOneTrustButton":119},{"text":375,"config":376},"Privacy",{"href":112,"dataGaName":113,"dataGaLocation":45},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":382,"_dir":383,"_draft":6,"_partial":6,"_locale":7,"visibility":119,"id":384,"title":385,"button":386,"_id":390,"_type":31,"_source":32,"_file":391,"_stem":392,"_extension":35},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":387,"text":389},{"href":388},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":394,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":395,"subscribeLink":400,"navItems":404,"_id":417,"_type":31,"title":418,"_source":32,"_file":419,"_stem":420,"_extension":35},"/shared/en-us/the-source/navigation",{"altText":396,"config":397},"the source logo",{"src":398,"href":399},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":401,"config":402},"Subscribe",{"href":403},"#subscribe",[405,409,413],{"text":406,"config":407},"Artificial Intelligence",{"href":408},"/the-source/ai/",{"text":410,"config":411},"Security & Compliance",{"href":412},"/the-source/security/",{"text":414,"config":415},"Platform & Infrastructure",{"href":416},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":422,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":423,"description":424,"submitMessage":425,"formData":426,"_id":429,"_type":31,"_source":32,"_file":430,"_stem":431,"_extension":35},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":427},{"formId":428,"formName":355,"hideRequiredLabel":119},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":433,"seo":434,"content":435,"_id":30,"_type":31,"title":7,"_source":32,"_file":33,"_stem":34,"_extension":35},{"layout":9},{"title":11,"description":12},[436,437,440,443],{"componentName":15},{"componentName":17,"componentContent":438},{"config":439},{"category":20},{"componentName":17,"componentContent":441},{"config":442},{"category":24,"theme":25},{"componentName":17,"componentContent":444},{"config":445},{"category":29},{"_path":447,"_dir":20,"_draft":6,"_partial":6,"_locale":7,"slug":448,"type":449,"category":20,"config":450,"seo":454,"content":458,"_id":483,"_type":31,"title":484,"_source":32,"_file":485,"_stem":486,"_extension":35},"/en-us/the-source/ai/software-development-enters-the-orchestration-era","software-development-enters-the-orchestration-era","article",{"layout":9,"template":451,"featured":119,"author":452,"sourceCTA":453},"TheSourceArticle","emilio-salvador","source-lp-enterprise-guide-to-agentic-ai",{"config":455,"title":456,"description":457},{"noIndex":6},"Software development enters the orchestration era","Learn why strategic AI adoption, not speed, creates competitive advantage in software development today.",{"title":456,"description":457,"date":459,"timeToRead":460,"heroImage":461,"keyTakeaways":462,"articleBody":466,"faq":467},"2025-10-28","7 min read","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463908/zz7ifau6dya2fn2eyuij.png",[463,464,465],"Experienced developers using AI tools have been shown to work more slowly than expected, despite believing they move faster, highlighting a gap between perception and reality when it comes to AI.","Two critical roles are emerging: Cognitive Architects who design how AI agents think, and AI Guardians who ensure quality across the development lifecycle.","Only 5% of enterprise AI pilots deliver measurable business value. Success requires clear KPIs, workflow integration, and executive-level champions.","As a parent watching my two college-age children navigate their education in an AI-driven world, I find myself asking a question that every technology leader should be asking about their teams: How do people develop critical thinking skills when AI can handle so much of their work?\n\nThis isn't just a parental concern. It's the central challenge facing software development today. The headlines promised that AI would replace developers and automate everything. Companies panicked and cut hiring. But the reality we're seeing in 2025 tells a very different story.\n\n## The AI perception gap\n[Recent research from MIT](https://fortune.com/2025/08/21/an-mit-report-that-95-of-ai-pilots-fail-spooked-investors-but-the-reason-why-those-pilots-failed-is-what-should-make-the-c-suite-anxious/) reveals an uncomfortable truth: 95% of enterprise AI pilots fail to deliver measurable returns or impact on profit. You might assume these companies simply chose the wrong AI tools, but the problem runs deeper.\n\nEven experienced developers using the best available AI tools face unexpected challenges. According to [research measuring the impact of early-2025 AI tools](https://metr.org/blog/2025-07-10-early-2025-ai-experienced-os-dev-study/) on developer productivity, developers expected to work 24% faster with AI assistance, but were in fact 19% slower. Even more striking, after experiencing this slowdown, they still believed they had been faster.\n\nThis perception gap matters. It shows we're not yet asking the right questions about how humans and AI should work together.\n\n## Why human insight remains essential\nDespite the fear-driven headlines, the data reveals something surprising. According to [GitLab's 2025 survey](https://about.gitlab.com/software-innovation-report/) of C-level executives, 99% of executives say human contributions remain valuable for software development. The most valued human inputs are creativity, strategic vision, and collaboration.\n\nThe market isn't moving away from developers. It's redefining what developers do.\n\nConsider the difference between optimization and reimagination. AI excels at the former. [Jan Wassenberg's breakthrough with vectorized quicksort](https://onlinelibrary.wiley.com/doi/abs/10.1002/spe.3142) demonstrates the latter. AI can generate perfectly optimized sorting code, but it took human insight to step back and ask: \"What if we sort multiple elements simultaneously using vector instructions?\" The result was three times faster than what AI produced.\n\nAI can optimize the solution you give it. Only humans can question whether you're solving the right problem.\n\nThis distinction becomes even more critical when you consider the complexity of enterprise applications. Development involves more than coding. What happens when you add existing codebases, compliance requirements, legacy system integrations, and enterprise security? Human creativity becomes essential.\n\n## Three predictions for 2026\nBased on what I’m seeing with customers and in the broader market, I expect three major shifts to reshape software development in the coming year.\n\n### Prediction 1: Two new developer roles will dominate the AI era\nTwo new types of developers represent entirely new career paths that will become increasingly valuable in AI-forward organizations. The first is the **Cognitive Architect**. These are your best developers who have moved beyond writing code to thinking about entire systems. Instead of managing human teams, they'll orchestrate AI agents. They'll break down complex business problems and design \"blueprints of thought\" — not writing code, but designing how the thinking should work.\n\nThe second role is the **AI Guardian**. As AI democratizes application creation, everyone from developers to product managers will be building applications. Someone will need to ensure these applications are secure, perform well, and actually work in production across the entire development lifecycle. AI Guardians will be the gatekeepers of quality in this new world.\n\nTogether, these roles represent the strategists and gatekeepers of the AI era. With [99% of executives](https://about.gitlab.com/software-innovation-report/) believing human contributions remain valuable for software development, and 52% citing cybersecurity as their top AI concern, companies will invest heavily in professionals who can bridge human creativity with AI capability while ensuring security from prompt to production.\n\n### Prediction 2: Strategic adoption will become the differentiator\nWinning organizations won’t necessarily be those who adopt AI fastest. They’ll be the most *strategic* about AI adoption.\n\nThe 2025 DORA Report, [The State of AI-assisted Software Development](https://dora.dev/research/2025/dora-report/), highlights a \"trust paradox\" when it comes to AI. While AI adoption is high, a notable 30% of respondents said they have little to no trust in AI-generated code. This suggests that developers are using AI as a supportive tool to enhance their work rather than as a complete replacement for human judgment.\n\nA key takeaway is that the success of AI is less about the tools themselves and more about the underlying organizational and technical systems. In high-performing, cohesive organizations, AI boosts efficiency and accelerates innovation. Conversely, in fragmented or struggling organizations, AI can exacerbate existing dysfunctions, leading to increased instability in software delivery.\n\nThe 5% of MIT enterprise pilots that succeeded share common characteristics. They solve concrete business problems. They define measurable KPIs from day one. They integrate smoothly into existing workflows. And they have champions at every level, from engineers to executives.\n\nIn GitLab’s research, [89% of executives](https://about.gitlab.com/software-innovation-report/) told us they expect agentic AI to become standard within three years. The real differentiator will be calibrating exactly which tasks benefit from human creativity and judgment versus which should be automated. Organizations that successfully strike this balance will create compounding advantages, freeing developers to focus on high-value architectural decisions while AI handles code generation and routine maintenance.\n\n### Prediction 3: Meta-agents will coordinate specialized AI\nBy 2030, we could see 100 times more code being committed than today. Current development processes can’t handle that scale.\n\nThis reality will drive the emergence of what I call “meta-agents”: AI project managers that manage other agents. Right now, we have agents that write code or debug. Meta-agents will coordinate specialized agents (one for coding, one for testing, one for deployment, and so on) while humans oversee strategy and direction.\n\nFor human developers, this represents a transition from writing code to high-level strategy, architecture design, and oversight. Developers will become directors who guide AI's vast capabilities to build software at unprecedented speed and scale.\n\n## The foundation: Context and infrastructure\nMaking this orchestration work requires context. AI agents can't just see one repository or one prompt. They need to understand your plans, tests, compliance checks, security scans: the entire software development lifecycle.\n\nBut context is expensive. As language model context windows grow larger, they become more costly. How do you stay flexible while keeping everything connected and secure?\n\nThis is where [interoperability and extensibility](https://about.gitlab.com/the-source/ai/how-agentic-ai-unlocks-platform-engineering-potential/) become critical. The orchestration challenge intensifies exponentially when your platform supports multiple agents: proprietary tools from your vendors, third-party agents from the open source community, and custom agents built by your own teams for specialized workflows. Each agent needs consistent access to the same underlying context while operating within appropriate security boundaries.\n\nOrganizations need infrastructure that doesn’t force them into a single AI vendor or limit their ability to build custom solutions. Platform thinking matters here — a unified platform approach, with a consistent data model across development, security, and operations, enables different agents to work together effectively. The platform becomes the conductor, ensuring that whether you're using a commercial coding assistant, an open-source testing agent, or a custom compliance checker your team built, they all have the context and governance rails they need to operate as part of a coordinated system.\n\nThis flexibility to choose and create agents while maintaining orchestration is what separates tactical AI adoption from strategic advantage.\n\n## Looking forward\nThe AI orchestration era is here. But it's not what the headlines promised. It's not about replacing developers or automating everything. It's about building systems where humans and AI can do their best work together.\n\nWhen I think about my children's future, I don't worry about AI taking over. I look forward to them having tools that amplify their creativity, problem-solving, and judgment — things only humans can provide.\n\nThe future belongs to developers who embrace becoming AI orchestrators, and to organizations that build the infrastructure to support them. The question isn't whether humans and AI will work together, but how strategically you'll make that partnership work.\n\n> [Join our upcoming webinar with DORA and GitLab experts](https://about.gitlab.com/the-source/ai/webcast-nov18-dora-gitlab-maximizing-ai-impact/) to discover what really determines AI success in software development teams.",[468,471,474,477,480],{"header":469,"content":470},"What is the AI perception gap in developer productivity?","Research measuring early-2025 AI tools on developer productivity found that developers expected to work 24% faster with AI assistance but were actually 19% slower. Even after experiencing this slowdown, developers still believed they had been faster, revealing a significant gap between perception and reality in AI-assisted development.",{"header":472,"content":473},"What are the two emerging developer roles in the AI orchestration era?","Cognitive Architects are developers who design how AI agents think, breaking down complex business problems and creating thought blueprints rather than writing code or managing human teams. AI Guardians serve as gatekeepers of quality, ensuring applications built by developers and product managers using AI are secure, perform well, and work in production across the entire development lifecycle.",{"header":475,"content":476},"Why do most enterprise AI pilots fail to deliver business value?","Research shows 95% of enterprise AI pilots fail to deliver measurable returns or profit impact. The 5% that succeed share common characteristics: they solve concrete business problems, define measurable KPIs from day one, integrate smoothly into existing workflows, and have champions at every level from engineers to executives.",{"header":478,"content":479},"How will meta-agents change software development by 2030?","Meta-agents will function as AI project managers that coordinate specialized agents for coding, testing, deployment, and other tasks while humans oversee strategy and direction. This emergence responds to predictions of 100 times more code being committed than today, which current development processes cannot handle at scale.",{"header":481,"content":482},"What do organizations need to enable effective AI orchestration in development?","Organizations need AI agents to understand the entire software development lifecycle including plans, tests, compliance checks, and security scans, not just single repositories or prompts. A unified platform approach with consistent data model across development, security, and operations enables this orchestration through infrastructure that integrates with chosen AI tools while providing necessary context and governance.","content:en-us:the-source:ai:software-development-enters-the-orchestration-era.yml","Software Development Enters The Orchestration Era","en-us/the-source/ai/software-development-enters-the-orchestration-era.yml","en-us/the-source/ai/software-development-enters-the-orchestration-era",{"_path":488,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":489,"config":490,"seo":491,"content":494,"slug":20,"_id":508,"_type":31,"title":7,"_source":32,"_file":509,"_stem":510,"_extension":35},"/en-us/the-source/ai","category",{"layout":9},{"title":406,"description":492,"ogImage":493},"Explore expert insights on how AI is transforming software development, and how organizations can get the most out of their AI investments.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463300/eoudcbj5aoucl0spsp0c.png",[495,500],{"componentName":496,"type":496,"componentContent":497},"TheSourceCategoryHero",{"title":406,"description":492,"image":498},{"config":499},{"src":493},{"componentName":501,"type":501,"componentContent":502},"TheSourceCategoryMainSection",{"config":503},{"sourceCTAs":504},[505,506,507],"source-lp-how-to-get-started-using-ai-in-software-development","navigating-ai-maturity-in-devsecops","source-lp-ai-guide-for-enterprise-leaders-building-the-right-approach","content:en-us:the-source:ai:index.yml","en-us/the-source/ai/index.yml","en-us/the-source/ai/index",{"_path":512,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":489,"config":513,"seo":514,"content":517,"slug":24,"_id":529,"_type":31,"title":7,"_source":32,"_file":530,"_stem":531,"_extension":35},"/en-us/the-source/security",{"layout":9},{"title":410,"description":515,"ogImage":516},"Get up to speed on how organizations can ensure they're staying on top of evolving security threats and compliance requirements.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",[518,522],{"componentName":496,"type":496,"componentContent":519},{"title":410,"description":515,"image":520},{"config":521},{"src":516},{"componentName":501,"type":501,"componentContent":523},{"config":524},{"sourceCTAs":525},[526,527,528],"source-lp-guide-to-dynamic-sboms","source-lp-devsecops-the-key-to-modern-security-resilience","application-security-in-the-digital-age","content:en-us:the-source:security:index.yml","en-us/the-source/security/index.yml","en-us/the-source/security/index",{"_path":533,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":489,"config":534,"seo":535,"content":538,"slug":29,"_id":550,"_type":31,"title":7,"_source":32,"_file":551,"_stem":552,"_extension":35},"/en-us/the-source/platform",{"layout":9},{"title":414,"description":536,"ogImage":537},"Learn how to build a DevSecOps framework that sets your team up for success, from planning to delivery.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463263/bdz7hmhpbmgwvoybcaud.png",[539,543],{"componentName":496,"type":496,"componentContent":540},{"title":414,"description":536,"image":541},{"config":542},{"src":537},{"componentName":501,"type":501,"componentContent":544},{"config":545},{"sourceCTAs":546},[547,548,549],"source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams","source-lp-measuring-success-in-software-development-a-guide-for-leaders","source-lp-building-a-resilient-software-development-practice","content:en-us:the-source:platform:index.yml","en-us/the-source/platform/index.yml","en-us/the-source/platform/index",{"amanda-rueda":554,"andre-michael-braun":555,"andrew-haschka":556,"ayoub-fandi":557,"bob-stevens":558,"brian-wald":559,"bryan-ross":560,"chandler-gibbons":561,"cherry-han":562,"dave-steer":563,"ddesanto":564,"derek-debellis":565,"emilio-salvador":566,"erika-feldman":567,"george-kichukov":568,"gitlab":569,"grant-hickman":570,"haim-snir":571,"iganbaruch":572,"jason-morgan":573,"jessie-young":574,"jlongo":575,"joel-krooswyk":576,"josh-lemos":577,"julie-griffin":578,"kristina-weis":579,"lee-faus":580,"marco-caronna":581,"nathen-harvey":582,"ncregan":583,"rob-smith":584,"rschulman":585,"sabrina-farmer":586,"sandra-gittlen":587,"sharon-gaudin":588,"stephen-walters":589,"taylor-mccaslin":590},"Amanda Rueda","Andre Michael Braun","Andrew Haschka","Ayoub Fandi","Bob Stevens","Brian Wald","Bryan Ross","Chandler Gibbons","Cherry Han","Dave Steer","David DeSanto","Derek DeBellis","Emilio Salvador","Erika Feldman","George Kichukov","GitLab","Grant Hickman","Haim Snir","Itzik Gan Baruch","Jason Morgan","Jessie Young","Joseph Longo","Joel Krooswyk","Josh Lemos","Julie Griffin","Kristina Weis","Lee Faus","Marco Caronna","Nathen Harvey","Niall Cregan","Rob Smith","Robin Schulman","Sabrina Farmer","Sandra Gittlen","Sharon Gaudin","Stephen Walters","Taylor McCaslin",{"ai":406,"platform":414,"security":410},[593,630,667],{"_path":594,"_dir":29,"_draft":6,"_partial":6,"_locale":7,"slug":595,"type":449,"category":29,"config":596,"seo":598,"content":602,"_id":626,"_type":31,"title":627,"_source":32,"_file":628,"_stem":629,"_extension":35},"/en-us/the-source/platform/unlocking-software-driven-business-transformation-in-telco","unlocking-software-driven-business-transformation-in-telco",{"layout":9,"template":451,"featured":6,"author":597,"sourceCTA":547},"marco-caronna",{"config":599,"title":600,"description":601},{"noIndex":6},"Unlocking software-driven business transformation in telco","How AI-native DevSecOps and GitOps help telcos open new revenue streams, accelerate innovation, and outflank tech-native competitors.",{"title":600,"description":601,"date":603,"timeToRead":460,"heroImage":604,"keyTakeaways":605,"articleBody":609,"faq":610},"2025-11-04","https://res.cloudinary.com/about-gitlab-com/image/upload/v1762195291/e2zdeclyrqtso3flxlyw.png",[606,607,608],"Telcos must transform from hardware-centric infrastructure to software-driven operations to compete with digital-native companies capturing value from their networks.","A unified AI-native platform with DevSecOps and GitOps eliminates operational silos, accelerates innovation through agentic AI, and automates security and compliance.","GitOps and infrastructure automation enable 5G network function deployments with version-controlled configurations, audit trails, and instant rollback capabilities.","Over the past several years, I've watched telecommunications companies navigate an increasingly difficult paradox. The telco executives I speak with routinely describe investing billions in network infrastructure, only to struggle capturing value from those investments. The numbers tell a sobering story: in 2024, the return on invested capital (ROIC) for telcos dropped well below the median weighted average cost of capital (WACC), [falling as far as 6.7%](https://www.bcg.com/publications/2025/boosting-value-creation-in-telcos).\n\n\nWhat makes this particularly frustrating for these leaders is watching  digital-native companies like Netflix, WhatsApp, and Google generate [massive revenues](https://wjarr.com/sites/default/files/WJARR-2024-0113.pdf) using the very infrastructure telcos built. Time and again, I've seen telcos relegated to the sidelines as their networks, which are increasingly commoditized, create immense value for tech companies and hyperscalers.\n\n\nThe telecommunications executives who grasp this reality understand that Communication Service Providers (CSPs) and Network Equipment Providers (NEPs) must transform into software-driven technology companies. In my experience working with industry leaders, those that make the \"telco-to-techco\" transition position themselves for competitive advantage and unlock new growth opportunities that their competitors miss.\n\n## Why legacy software development approaches undermine telco innovation\nWhether you are a CSP diversifying into digital services or a NEP delivering cloud-native network functions, you need a modern software development foundation on which to build. Unfortunately, legacy processes prevent many telcos from establishing this foundation.\n\n### Innovation velocity gaps \nSome telcos have release cycles that are 18+ months long. Digital-native competitors, on the other hand, iterate through continuous deployment cycles in days or weeks. Hardware-based deployments play a big role in creating these innovation bottlenecks, prompting the industry shift toward software-based alternatives.\n \nThe innovation velocity gap impacts CSPs' revenue diversification efforts because new digital services require rapid iteration to find market fit. Subsidiaries tasked with entering IoT, edge computing, or digital payment solutions struggle to compete when constrained by legacy processes.\n\nNEPs face similar pressures, as lengthy development and deployment cycles strain relationships with CSPs who need faster deployment and reconfiguration of network modernization solutions.\n\n### Security and compliance overhead \nRegulatory requirements add complexity, leading to more inefficiency. The General Data Protection Regulation (GDPR) requires comprehensive data lineage tracking and audit trails. Industry best practices, including ETSI guidance on NFV testing and operations (such as NFV-TST 006), recommend that CSPs and NEPs adopt synchronized software delivery processes through continuous integration and delivery (CI/CD).\n\nUnfortunately, due to fragmented development toolchains, telcos must aggregate data across incompatible systems, maintain audit trails, and coordinate deployments — often in a manual fashion.\n\n### Barriers to AI-powered automation\nAI-powered software development presents a major opportunity for telcos, but fragmented toolchains hinder effective AI implementations. This may partly explain why [telcos trail other industries](https://about.gitlab.com/the-source/platform/whats-next-in-devsecops-for-telecommunications/) in operationalizing AI.\n\nWhen contextual data is sprawled across disparate systems, it leaves AI with a limited view of your business. Because AI systems thrive on context, this restricted view leads to poor outputs. \n\nSecurity and governance further complicate matters. Telcos must carefully control which data AI tools can access, implement governance policies, and avoid vendors that train their models on proprietary data.\n\nLastly, popular AI point solutions fixate on code generation while neglecting the broader software development lifecycle. Developers spend [less than a quarter of their time writing code](https://about.gitlab.com/developer-survey). What about the other three-quarters of the development process? Telcos that rely on these AI coding assistants will struggle to meaningfully improve their time-to-market.\n\n## Driving telco transformation with a unified AI-native platform \nA unified AI-native platform that enables both DevSecOps and GitOps practices removes the many barriers to telco transformation. It accelerates innovation on a large scale while strengthening security and compliance.\n\n### Platform unification removes operational silos\nA unified platform eliminates operational silos that cause widespread inefficiency. It replaces fragmented toolchains with integrated workflows, enabling better collaboration between network operations and digital services teams — and removes the need to translate data between incompatible systems. Key outcomes include:\n* **Greater capital efficiency**: CSPs avoid excessive tool investments across subsidiaries and business units\n* **Accelerated market responsiveness**: Teams launch new services faster through better coordination\n* **Vendor ecosystem optimization**: NEPs deliver software updates and network functions through standardized processes that CSPs can integrate seamlessly\n* **Strategic execution alignment**: Network modernization and revenue diversification initiatives improve with shared visibility and better coordination\n* **Reduced talent waste**: Engineering resources focus on customer value creation rather than managing tools\n\n### Agentic AI acts as a force multiplier\nWhen a platform natively integrates agentic AI capabilities across both development and infrastructure operations, it yields large-scale productivity gains. The platform orchestrates autonomous AI workflows across the entire software lifecycle, enabling human-AI collaboration with complete business context. This delivers:\n* **Revenue acceleration through automation**: Addresses the entire software development process beyond code generation, enabling telcos to launch digital services faster and capture emerging IoT, edge computing, 5G applications, and other high-growth digital markets \n* **Dramatic cycle time reduction**: Development cycles accelerate from months to weeks/days\n* **Operational cost reduction**: Automatic CI/CD pipeline failure diagnosis and deployment optimization reduce engineering overhead, freeing teams for innovation\n* **Data sovereignty and privacy protection**: Privacy-first AI architecture with self-managed deployment options for air-gapped environments, granular permissions control, and commitment to never training models on customer data\n* **Improved competitiveness**: Enables telcos to dramatically increase their innovation velocity while maintaining regulatory compliance\n\n### Automated security and compliance removes transformation barriers\nThe platform’s DevSecOps capabilities eliminate the trade-off between speed and compliance. They automate security scanning and compliance workflows throughout the development lifecycle, strengthening telcos’ security posture while accelerating time-to-market. Critical business outcomes include:\n* **Cyber risk reduction**: Automated threat detection and vulnerability management protect against cyber attacks \n* **Supply chain transparency**: Complete visibility into third-party software components and dependencies reduces vendor risk\n* **Compliance workflow automation**: GDPR data protection, CSRD environmental reporting, and ETSI/BEREC standards adherence through automated workflows eliminates manual compliance overhead\n* **Audit readiness**: Real-time traceability and documentation reduce the time and cost of regulatory audits while ensuring continuous compliance\n* **Operational resilience**: Proactive security monitoring and automated policy enforcement prevent security incidents that can cause costly service disruptions\n\n### Infrastructure automation enables network modernization\nThe platform’s GitOps capabilities address the manual infrastructure deployments and configuration management challenges that slow telco transformation. The platform treats all network infrastructure as version-controlled code, enabling automated, consistent deployments across complex environments. Infrastructure automation delivers:\n* **Network function modernization**: Automates 5G and cloud-native network function deployments using Kubernetes orchestration, reducing deployment time while ensuring consistency across environments\n* **Multi-vendor coordination**: Standardized deployment processes enable synchronized delivery between NEPs and CSPs, meeting ETSI requirements while accelerating time-to-market for new services\n* **Risk mitigation through automation**: Version-controlled infrastructure configurations provide complete audit trails and instant rollback capabilities, reducing the operational risk that regulatory bodies and boards scrutinize\n* **Operational cost reduction**: Reduces manual configuration management, freeing engineers to focus on strategic initiatives\n\n> Learn how [Deutsche Telekom](https://about.gitlab.com/customers/deutsche-telekom/) achieved dramatic business results with GitLab, demonstrating the competitive advantage of a unified platform for telcos.\n\n## Your transformation opportunity\nThreats from digital-native competitors continue to mount. By transforming into software-driven technology companies, telcos can overcome these threats and capture more value from their infrastructure investments.\n\nA unified AI-native platform that enables both DevSecOps and GitOps practices removes transformation barriers. It eliminates operational silos, accelerates innovation through agentic AI, automates security and compliance, and enables the infrastructure automation critical for network modernization and 5G monetization.\n\nTelcos that act decisively today may emerge as industry leaders tomorrow.",[611,614,617,620,623],{"header":612,"content":613},"Why do telcos need to transition from hardware-centric to software-driven approaches?","Telcos invest billions in network infrastructure but struggle to capture value from those investments. Return on invested capital dropped well below the median weighted average cost of capital, falling as far as 6.7%. Digital-native companies like Netflix, WhatsApp, and Google generate massive revenues using telco infrastructure. Telcos watch from the sidelines as their increasingly commoditized networks create immense value for tech companies and hyperscalers.",{"header":615,"content":616},"What legacy software development challenges undermine telco innovation?","Legacy challenges include innovation velocity gaps with release cycles of 18+ months. Digital-native competitors iterate through continuous deployment cycles in days or weeks. Security and compliance overhead requires manual data aggregation across fragmented incompatible systems. Barriers to AI-powered automation occur when fragmented toolchains prevent effective AI implementations, leaving agents with limited business context.",{"header":618,"content":619},"How do unified AI-native platforms accelerate telco transformation?","Unified platforms eliminate operational silos by replacing fragmented toolchains with integrated workflows. This enables better collaboration between network operations and digital services teams. The platforms remove the need to translate data between incompatible systems. They orchestrate autonomous AI workflows across the entire software lifecycle with complete business context. Development cycles accelerate from months to weeks or days.",{"header":621,"content":622},"What business outcomes do DevSecOps capabilities provide for telecommunications companies?","DevSecOps capabilities deliver cyber risk reduction through automated threat detection and vulnerability management. They provide supply chain transparency with complete visibility into third-party components. Compliance workflow automation covers GDPR, CSRD, and ETSI/BEREC standards, eliminating manual overhead. Audit readiness comes through real-time traceability, reducing regulatory audit time and cost. Operational resilience improves through proactive security monitoring and automated policy enforcement.",{"header":624,"content":625},"How does GitOps enable network modernization for telecommunications companies?","GitOps treats all network infrastructure as version-controlled code. This enables automated consistent deployments across complex environments. It automates 5G and cloud-native network function deployments using Kubernetes orchestration. Standardized deployment processes enable multi-vendor coordination meeting ETSI requirements. Version-controlled configurations provide complete audit trails and instant rollback capabilities. This reduces manual configuration management, freeing engineers for strategic initiatives.","content:en-us:the-source:platform:unlocking-software-driven-business-transformation-in-telco.yml","Unlocking Software Driven Business Transformation In Telco","en-us/the-source/platform/unlocking-software-driven-business-transformation-in-telco.yml","en-us/the-source/platform/unlocking-software-driven-business-transformation-in-telco",{"_path":631,"_dir":20,"_draft":6,"_partial":6,"_locale":7,"slug":632,"type":449,"category":20,"config":633,"seo":635,"content":639,"_id":663,"_type":31,"title":664,"_source":32,"_file":665,"_stem":666,"_extension":35},"/en-us/the-source/ai/why-banks-need-agentic-ai-platforms-not-more-ai-tools","why-banks-need-agentic-ai-platforms-not-more-ai-tools",{"layout":9,"template":451,"featured":6,"author":634,"sourceCTA":453},"cherry-han",{"config":636,"title":637,"description":638},{"noIndex":6},"Why banks need agentic AI platforms, not more AI tools","Leading banks are moving from AI assistants to agent platforms. Learn why orchestrated AI at scale is the key to unlocking $762B in productivity gains.",{"title":637,"description":638,"date":640,"timeToRead":460,"heroImage":641,"keyTakeaways":642,"articleBody":646,"faq":647},"2025-10-30","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463876/kiw4eb54r8xtzztvbozf.jpg",[643,644,645],"Banks using AI agent platforms see 55% productivity gains by orchestrating work across siloed DevSecOps toolchains, not just assisting individual developers.","Enterprise platforms provide the security controls banks need: PII masking, break-glass protocols, and operation within existing security perimeters.","Success requires investing in people alongside technology — 94% of executives prioritize training teams to orchestrate AI agents, not just use them.","A fundamental shift has occurred in my conversations with technology leaders at the world's largest banks. Six months ago, they asked about AI pilots. Today, they're asking how to orchestrate a fleet of AI agents to automate and manage their entire technology estate. The question has evolved from \"Should we use AI?\" to \"How do we scale AI responsibly across tens of thousands of developers and millions of lines of code?\"\n\nA convergence of pressures is driving these shifts: competitors moving faster, regulatory requirements growing more complex, and the realization that individual AI coding assistants, while useful, aren't enough to transform how banks build and maintain software.\n\n## The reality of banking technology today\nBanks operate some of the most sophisticated technology infrastructures on the planet, yet their developers spend [less than a quarter of their time actually writing new code](https://about.gitlab.com/the-source/platform/why-software-logistics-is-key-to-accelerating-innovation/). Individual AI coding assistants have helped improve productivity, but they don't address the fundamental challenge: banks need to automate and orchestrate work across entire teams and systems, not just make individual developers produce more code faster.\n\nThe pattern is consistent across banking technology organizations: a new regulation or audit finding presents a gap, leading to the adoption of a specialized tool to address that specific area. This cycle repeats with each compliance requirement, each audit finding, each new risk adding another tool to the stack. After years of this reactive approach, banks operate with numerous different systems for source control, CI/CD pipelines, security scanning, compliance checking, and deployment, with minimal integration between them.\n\nThis fragmentation creates a fundamental barrier to AI transformation. Even when banks implement AI in individual tools, they end up with disconnected pockets of automation. The AI in a code editor can't coordinate with security scanners, which can't communicate with deployment systems. This prevents banks from executing the complex, multi-step workflows that would truly transform their operations.\n\nWhile [69% of financial services executives believe the optimal human-AI partnership should be 50/50](https://about.gitlab.com/software-innovation-report/finserv/), the reality is that humans still handle three-quarters of the work. The gap isn't about technology capability; it's about having the right platform to deploy that capability at scale.\n\n## How agent platforms are different\nThe shift from AI assistants to agent platforms represents a fundamental change in how banks can leverage AI. It's the difference between giving each developer a better tool and transforming how entire organizations deliver software.\n\nConsider what I'm seeing in practice:\n\n**A top commercial bank** is achieving rapid growth through platform consolidation and AI orchestration. By establishing a unified DevSecOps platform with built-in AI capabilities, they've created a golden path that enables intelligent automation and orchestrated workflows at scale. This single-platform approach, with dedicated infrastructure and enterprise-grade security, accelerates software innovation while maintaining complete control over their data and processes.\n\n**A leading digital financial services provider** has implemented agentic chat capabilities that surface vulnerabilities at the time of code writing and autonomously update code to address SAST scan findings and dependency issues. Their unified platform approach integrates AI across the entire software development lifecycle—from code creation through deployment—with built-in governance controls and human oversight at critical decision points. By consolidating previously siloed tools into a single AI-powered platform, they've eliminated toolchain complexity while enhancing security.\n\n**A global Fortune 500 bank** is pioneering campaign-based automation across its entire firm using custom agents. While already equipped with various AI coding assistants, they have recognized that individual developer tools aren't enough. Their platform approach enables firm-wide orchestration that no single tool could achieve.\n\n**A top international bank** transformed its delivery capabilities through a unified platform strategy that embeds AI across every stage of software development. Engineers now leverage AI-powered code suggestions, automated testing, security scanning, and deployment automation—all within a single platform that maintains enterprise security standards. This comprehensive approach brings measurable value across the entire software value chain, from ideation to production, enabling rapid delivery of innovative financial services.\n\nThese aren't incremental improvements. They're fundamental transformations in how banks operate.\n\n## What about security and governance? \nEvery banking technology leader I speak with shares the same concern: How do we scale AI while maintaining the security and governance our regulators demand? Our research validates this concern: 58% of financial services executives cite cybersecurity as their primary worry about agentic AI, while 54% are concerned about data privacy.\n\nThis is where comprehensive agent platforms become essential. Unlike consumer AI tools or individual coding assistants, enterprise agent platforms can be built with banking requirements in mind: audit trails for every action, role-based access controls, regulatory-aligned governance frameworks, and the ability to operate entirely within the bank's security perimeter. It is important for banks and financial institutions to prioritize critical features like PII data masking to automatically detect and redact sensitive information before it reaches AI models, and \"break the glass\" emergency access protocols for urgent situations.\n\nIn practice, 58% of financial institutions are already implementing regulatory-aligned governance frameworks, and 56% have established AI ethics committees. The platform approach aligns with these governance structures, providing centralized control and visibility that scattered AI tools simply cannot offer.\n\n## The human factor remains critical\nDespite the AI revolution, our research reveals that 99% of financial services executives say human contributions remain valuable for software development. The most valued human contributions are no longer writing routine code but strategic vision (43%) and creativity (42%). Developers are becoming orchestrators: defining what needs to be built, ensuring it meets business requirements, and guiding AI agents through complex problem-solving.\n\nThis shift requires significant investment in upskilling. An overwhelming 94% of executives say financial services organizations should prioritize training employees to work alongside agentic AI. \n\n## From pilot to platform: The execution strategy\nTed Ranft, AVP financial services at GitLab, has identified a clear pattern among banks successfully scaling AI. \"The banks that make the most forward progress with AI aren't the ones with the biggest budgets or the most developers. They are the ones that understand how siloed their DevSecOps toolchains have become over time. When financial services leaders approach AI as an interconnected platform play rather than a collection of tools, they unlock possibilities that simply don't exist with point solutions.\"\n\nThe financial institutions that will define the next era of banking aren't waiting for perfect solutions. They're moving now, with clear strategies:\n\n**Start with high-impact, low-risk workflows**: Pipeline migrations, automated testing, and dependency updates provide immediate value with minimal risk.\n \n**Build governance in parallel**: Don't wait to establish AI governance frameworks. The 95% of executives who have board buy-in got there by demonstrating control alongside capability.\n\n**Invest in your people**: The 53% revenue increase and 55% productivity boost from AI come from people who know how to leverage it effectively.\n\n**Think platform, not point solutions**: With over 9 in 10 financial services executives agreeing that they will need to lead with software innovation to stay ahead in the next 18 months, a platform is no longer optional — it's a requirement for success.\n\n## The competitive reality\nWith 93% of financial services executives expecting agentic AI to become the industry standard within three years, banks are racing to move from experimentation to scale.\n\nThe $762 billion global opportunity represents banks innovating at unprecedented speed while maintaining bank grade security and reliability. When you can orchestrate thousands of agents across your technology estate, you tackle technical debt that seemed insurmountable and modernize systems once too complex to touch.\n\nMost importantly, you free your human talent to focus on what humans do best: envision the future, solve complex problems, and create value for customers. The institutions moving to agent platforms today are creating the future of banking.",[648,651,654,657,660],{"header":649,"content":650},"How do AI agent platforms differ from individual AI coding assistants for banks?","Agent platforms transform how entire organizations deliver software by orchestrating work across teams and systems, not just making individual developers produce code faster. While AI coding assistants help improve productivity, agent platforms enable banks to automate and orchestrate work across entire technology estates with tens of thousands of developers and millions of lines of code.",{"header":652,"content":653},"What percentage of financial services executives expect agentic AI to become standard practice?","93% of financial services executives expect agentic AI to become the industry standard within three years, with banks racing to move from experimentation to scale. Additionally, over 9 in 10 executives agree they will need to lead with software innovation to stay ahead in the next 18 months.",{"header":655,"content":656},"What security and governance features do enterprise AI platforms provide for banking?","Enterprise agent platforms provide audit trails for every action, role-based access controls, regulatory-aligned governance frameworks, and ability to operate entirely within banks' security perimeters. Critical features include PII data masking to automatically detect and redact sensitive information before reaching AI models and break-glass emergency access protocols for urgent situations.",{"header":658,"content":659},"What is the current gap between ideal and actual human-AI partnership in financial services?","69% of financial services executives believe the optimal human-AI partnership should be 50/50, but reality shows humans still handle three-quarters of the work. The gap isn't about technology capability but about having the right platform to deploy that capability at scale across fragmented DevSecOps toolchains.",{"header":661,"content":662},"What execution strategy should banks follow when scaling AI from pilot to platform?","Banks should start with high-impact low-risk workflows like pipeline migrations, automated testing, and dependency updates; build governance frameworks in parallel rather than waiting; invest in people since productivity boosts come from teams who know how to leverage AI effectively; and think platform not point solutions as comprehensive platforms are required for successful transformation.","content:en-us:the-source:ai:why-banks-need-agentic-ai-platforms-not-more-ai-tools.yml","Why Banks Need Agentic Ai Platforms Not More Ai Tools","en-us/the-source/ai/why-banks-need-agentic-ai-platforms-not-more-ai-tools.yml","en-us/the-source/ai/why-banks-need-agentic-ai-platforms-not-more-ai-tools",{"_path":668,"_dir":24,"_draft":6,"_partial":6,"_locale":7,"slug":669,"type":449,"category":24,"config":670,"seo":673,"content":677,"_id":702,"_type":31,"title":703,"_source":32,"_file":704,"_stem":705,"_extension":35},"/en-us/the-source/security/ai-agents-are-reshaping-software-what-cisos-need-to-know","ai-agents-are-reshaping-software-what-cisos-need-to-know",{"layout":9,"template":451,"featured":119,"author":671,"sourceCTA":672},"josh-lemos","software-innovation-report-2025",{"config":674,"title":675,"description":676},{"noIndex":6},"AI agents are reshaping software: What CISOs need to know","Most executives believe AI agents will dominate software development by 2028. Here’s what security leaders must do to prepare today.",{"title":675,"description":676,"date":678,"timeToRead":679,"heroImage":680,"keyTakeaways":681,"articleBody":685,"faq":686},"2025-10-21","5 min read","https://res.cloudinary.com/about-gitlab-com/image/upload/v1761059283/rolzub9bctnigdo573kb.png",[682,683,684],"Nearly 9 in 10 executives expect AI agents to become standard in software development within three years, creating urgent security challenges.","Organizations lack proper AI governance, with nearly half missing regulatory compliance and internal policies for artificial intelligence systems.","Security leaders can prepare by implementing identity policies, monitoring frameworks, and upskilling teams for the AI-driven software future.","New research from GitLab shows that 89% of C-level executives surveyed expect AI agents will become the standard approach for building software within three years. This transformation brings significant security implications, as 85% of these leaders recognize that AI agents will introduce never-before-seen security challenges.\n\nThe findings highlight a critical dilemma facing CISOs and security professionals: They can’t afford to pause AI adoption, but they must address the emerging risks it creates. With 91% of executives surveyed planning to boost their AI investments in software development over the next 18 months, each new AI breakthrough intensifies these security concerns.\n\n## AI governance gaps create adoption barriers\nSecurity leaders clearly understand the primary risks associated with [AI agents](https://about.gitlab.com/the-source/ai/agentic-ai-unlocking-developer-potential-at-scale/). Survey participants identified cybersecurity threats (52%), data privacy and security concerns (51%), and governance challenges (45%) as their top worries. These interconnected risks continue to evolve as the technology advances.\n\nOrganizations need robust AI governance frameworks to adapt their security approaches in response to emerging threats. However, this is easier said than done, since AI impacts multiple technology areas, from data governance to identity and access management. GitLab’s research indicates that organizations are falling behind in governance frameworks as many surveyed leaders said their organizations haven’t implemented regulatory-aligned governance (47%) or internal policies (48%) around AI.\n\nThis governance gap is the result of legitimate industry-wide challenges that make it difficult for leaders to focus their efforts effectively. AI agents behave unpredictably due to their non-deterministic nature, which disrupts traditional security boundaries. Additionally, new universal protocols such as [Model Context Protocol](https://about.gitlab.com/topics/ai/model-context-protocol/) and Agent2Agent, which simplify data access and improve how agents work together, increase security complexity because they expand the attack surface and create new pathways for unauthorized access across interconnected systems.\n\nHowever, these challenges shouldn’t stop security leaders from prioritizing AI governance. Organizations waiting for comprehensive AI best practices will find themselves constantly behind the curve, and those that avoid AI altogether will still be exposed to AI risks through vendor relationships and unauthorized AI use within their environments.\n\n## Practical steps CISOs can take for AI agent readiness\nSecurity leaders should start by establishing AI observability systems that can track, audit, and attribute agent behaviors across all environments. Here are a few steps CISOs can take today to reduce AI risk and improve governance.\n\n### Establish identity policies that create accountability for agent actions\nAs AI systems proliferate, managing non-human identities will be just as critical as controlling human user access. [Composite identities](https://about.gitlab.com/blog/improve-ai-security-in-gitlab-with-composite-identities/) offer one solution by connecting AI agent credentials with the human users who direct them. This approach helps organizations to authenticate and authorize agents while maintaining clear accountability for their actions.\n\n### Implement comprehensive monitoring frameworks\nDevelopment, operations, and security teams require visibility into AI agent activities across various workflows, processes, and systems. Monitoring cannot stop at code repositories. Teams must track agent behavior in staging environments, production systems, connected databases, and all applications the agents can access.\n\n### Develop team AI capabilities\nAI literacy is now a must-have for security teams. In GitLab’s survey, 43% of respondents acknowledged a growing AI skills gap, and this is likely to expand unless technical leaders invest in team education. Training should cover model behavior, prompt engineering, and critical evaluation of model inputs and outputs.\n\nKnowing where models excel and where they underperform helps teams avoid unnecessary security risks and technical debt. For instance, models trained on anti-patterns effectively detect those specific issues but struggle with unfamiliar logic bugs. AI models that perform poorly in areas where security engineers or developers lack experience will leave security gaps that human professionals won’t be able to identify. One solution that can help is to ensure teams have sufficient expertise to validate AI outputs and catch potential errors.\n\nCISOs should consider dedicating a portion of learning and development budgets to continuous technical education. This [builds internal AI security expertise](https://about.gitlab.com/the-source/ai/from-vibe-coding-to-agentic-ai-a-roadmap-for-technical-leaders/), creating AI champions who can train colleagues and reinforce good practices.\n\n## Security benefits outweigh AI adoption risks\nProperly monitored and implemented AI actually enhances security outcomes. In fact, 45% of survey respondents ranked security as the top area where AI can add value for software development. When used to accelerate rather than replace human expertise, AI can democratize security knowledge across development teams by automating routine security tasks, providing intelligent coding suggestions, and offering security context within developer workflows.\n\nFor example, AI can explain vulnerabilities, enabling developers to resolve issues quickly without waiting for security team guidance. These capabilities help improve security outcomes, reduce risk exposure, and increase understanding between development and security teams.\n\nSuccess belongs to organizations that embrace AI — but do so carefully. Even imperfect foundational controls help teams adapt as conditions change. If the executives surveyed are right, the three-year clock is already ticking. Leaders who guide their teams toward the right AI use cases won't just minimize risk; they will gain a competitive advantage. After all, the security of your software is a core component of its quality.",[687,690,693,696,699],{"header":688,"content":689},"What percentage of executives expect AI agents to become standard practice?","89% of C-level executives surveyed expect AI agents will become the standard approach for building software within three years. Additionally, 91% of executives plan to boost their AI investments in software development over the next 18 months. However, 85% recognize that AI agents will introduce never-before-seen security challenges.",{"header":691,"content":692},"What are the top security concerns executives have about AI agents?","The primary risks identified by survey participants are cybersecurity threats at 52%, data privacy and security concerns at 51%, and governance challenges at 45%. These interconnected risks continue to evolve as AI technology advances, creating complex security implications for organizations.",{"header":694,"content":695},"How many organizations currently lack proper AI governance frameworks?","Nearly half of surveyed leaders report governance gaps in their organizations. 47% said their organizations haven't implemented regulatory-aligned governance around AI, and 48% lack internal policies. This governance gap creates adoption barriers despite the urgent need for AI integration in business operations.",{"header":697,"content":698},"What practical steps can CISOs take to prepare for AI agent security?","CISOs should establish identity policies that create accountability for agent actions through composite identities connecting AI credentials with human users. Implement comprehensive monitoring frameworks tracking agent behavior across all environments including staging, production, and connected databases. Develop team AI capabilities including prompt engineering and model evaluation skills.",{"header":700,"content":701},"How do security benefits compare to AI adoption risks for organizations?","Security benefits can outweigh adoption risks when AI is properly monitored and implemented. 45% of survey respondents ranked security as the top area where AI can add value for software development. AI can democratize security knowledge, automate routine tasks, provide intelligent coding suggestions, and explain vulnerabilities to help developers resolve issues quickly.","content:en-us:the-source:security:ai-agents-are-reshaping-software-what-cisos-need-to-know.yml","Ai Agents Are Reshaping Software What Cisos Need To Know","en-us/the-source/security/ai-agents-are-reshaping-software-what-cisos-need-to-know.yml","en-us/the-source/security/ai-agents-are-reshaping-software-what-cisos-need-to-know",[707,719,757],{"_path":668,"_dir":24,"_draft":6,"_partial":6,"_locale":7,"slug":669,"type":449,"category":24,"config":708,"seo":709,"content":711,"_id":702,"_type":31,"title":703,"_source":32,"_file":704,"_stem":705,"_extension":35},{"layout":9,"template":451,"featured":119,"author":671,"sourceCTA":672},{"config":710,"title":675,"description":676},{"noIndex":6},{"title":675,"description":676,"date":678,"timeToRead":679,"heroImage":680,"keyTakeaways":712,"articleBody":685,"faq":713},[682,683,684],[714,715,716,717,718],{"header":688,"content":689},{"header":691,"content":692},{"header":694,"content":695},{"header":697,"content":698},{"header":700,"content":701},{"_path":720,"_dir":24,"_draft":6,"_partial":6,"_locale":7,"slug":721,"type":449,"category":24,"config":722,"seo":725,"content":729,"_id":753,"_type":31,"title":754,"_source":32,"_file":755,"_stem":756,"_extension":35},"/en-us/the-source/security/speed-and-control-gitops-for-insurance-leaders","speed-and-control-gitops-for-insurance-leaders",{"layout":9,"template":451,"featured":6,"author":723,"sourceCTA":724},"jason-morgan","beginners-guide-to-gitops",{"config":726,"title":727,"description":728},{"noIndex":6},"Speed and control: GitOps for insurance leaders","Discover how GitOps and enterprise CI/CD enable insurance companies to deploy fast while meeting strict regulatory compliance and audit requirements.",{"title":727,"description":728,"date":730,"timeToRead":679,"heroImage":731,"keyTakeaways":732,"articleBody":736,"faq":737},"2025-09-25","https://res.cloudinary.com/about-gitlab-com/image/upload/v1758827423/hpvkk3b8mozeqhed6daf.png",[733,734,735],"Insurance companies can achieve fast development cycles while maintaining regulatory compliance by combining GitOps tools like FluxCD with enterprise CI/CD platforms like GitLab.","Storing all deployment configs in Git creates automatic audit trails, version control, and enforced approval workflows that satisfy regulators and eliminate manual documentation.","Modern pipelines can automatically enforce separation of duties, require approvals, and block deployments that don't meet compliance rules—making governance systematic, not optional.","In conversations with insurance technology leaders, one challenge consistently emerges: How do you enable development teams to move at the speed modern customers expect while satisfying regulators who demand every change be tracked, approved, and reversible?\n\nThe answer isn't choosing between speed and control; it's combining the right tools to get both. That's where pairing GitOps tools like FluxCD with enterprise CI/CD platforms like GitLab creates something special: a deployment pipeline that's both developer-friendly and maintains the audit trails regulators require.\n\n## Why GitOps matters for insurance\n\nIf you're managing Kubernetes deployments in a regulated environment, you already know that \"just SSH in and fix it\" isn't an option. FluxCD and similar GitOps tools fundamentally change how we think about configuration management, and honestly, it's about time.\n\n### Everything lives in Git (where it belongs)\n\nWith FluxCD, your entire deployment configuration becomes code. Real, version-controlled, reviewable code. No more mystery configurations that changed three months ago and were never documented. Every YAML file, every Helm chart, every configuration parameter lives in Git repositories where they're subject to the same controls as your application code.\n\nThis isn't just about organization (though your future self will thank you during the next state insurance audit). When you treat configuration as code, you inherit all the battle-tested controls that software teams have refined over decades. Branch protection rules, pull request reviews, and signed commits aren't just for your Java or Python files anymore.\n\n### Your project becomes the single source of truth\n\nHere’s where compliance teams take notice: GitOps continuously monitors declared states and ensures clusters match what’s approved. Any drift between what’s intended and what’s running is automatically detected and reconciled.\n\nThis means your project isn't just documentation of what you think is running, it's the enforced state of your entire system. When an auditor asks, \"What version of this service was running on March 15th at 2 PM?\" you don't scramble through logs. You check the Project history. Simple, verifiable, and impossible to argue with.\n\n## Making GitOps enterprise-ready\n\nNow, having everything in Git is great, but insurers need more than just version control. They need to prove that every change followed proper procedures, met security requirements, and links to an approved business justification. This is where organizations must extend GitOps with a robust CI/CD system.\n\n### Change management that actually works\n\nInsurance CIOs and CTOs consistently cite manual change management processes as a major operational bottleneck. Their teams waste countless hours updating tickets, chasing approvals, and documenting deployments that should be automatic. Modern CI/CD pipelines solve this by integrating directly with change management systems, automatically creating and updating tickets as code moves through the deployment pipeline.\n\nEven better, these pipelines can enforce compliance rules:\n\n* Need actuarial approval for rating algorithm updates? The pipeline won’t proceed without it.\n* Require compliance review for underwriting logic? The deployment halts until sign-off.\n\nThis isn’t security theater — it’s real enforcement, applied consistently and automatically.\n\n### Separation of duties made simple\n\nInsurance regulators, whether state departments or international bodies like EIOPA, emphasize the separation of duties. The person who writes the code for premium calculations shouldn't be the one who approves it for production. Modern CI/CD platforms make this straightforward to implement and, more importantly, impossible to bypass.\n\nDevelopers can push code all day long, but they can't approve their own merge requests. They can't trigger production deployments without passing the necessary control gates. They can't modify audit logs. These aren't suggestions or guidelines; they're system-enforced rules that work across your entire development lifecycle.\n\n### A policy engine that speaks \"compliance\"\n\nThis is where [enterprise CI/CD platforms](https://about.gitlab.com/blog/ultimate-guide-to-ci-cd-fundamentals-to-advanced-implementation/) really earn their keep in insurance environments. Based on implementations I've overseen, the most successful platforms include comprehensive policy engines that can enforce virtually any requirement your compliance team requires:\n\n* **Permissions that make sense**: Role-based access control that maps to your actual organizational structure, not some generic \"admin/user\" split\n* **Audit trails that tell the whole story**: Not just who did what, but why they did it, who approved it, and what controls were validated\n* **Artifact management that satisfies regulators**: Automatic retention of build artifacts, deployment manifests, and security scan results for whatever period your regulations require\n* **Change window enforcement**: Block deployments during freeze periods, require additional approvals for emergency changes, or restrict certain types of changes to specific maintenance windows\n\n## GitOps and insurance: Better together\n\nIn my recent engagements with insurers ranging from regional carriers to global reinsurers, I've observed a clear pattern in successful GitOps adoptions. The magic happens when you pair GitOps approaches with enterprise controls, creating a deployment pipeline that developers actually want to use and that satisfies insurance compliance teams.\n\nDevelopers get to work with familiar Git workflows. They push code for new coverage types, create merge requests for claims automation improvements, and see their changes automatically deployed. No special deployment tools to learn, no manual steps to forget, no \"works in my machine\" mysteries when the new mobile claims app behaves differently in production.\n\nMeanwhile, your governance teams — who in insurance often report directly to the board's risk committee — get comprehensive audit trails, enforced approval workflows, and the ability to prove compliance without manual documentation. Every deployment is traceable from commit to production, with all the required approvals and security scans documented along the way.\n\nThe result? Your most advanced teams can iterate quickly, deploy frequently, and innovate confidently, all while maintaining the iron-clad controls that financial services require. It's not about choosing between moving fast and maintaining control. With the right tooling, you genuinely can have both.\n\n## Ready to see this in action?\n\nIf you're curious about how this approach could work in your organization, we're bringing the [Financial Services Roadshow](https://about.gitlab.com/events/financial-services-roadshow/) to several cities in the coming months. You'll see real-world implementations, hear from organizations that have made this transition, and get hands-on experience with the tools and workflows discussed here.",[738,741,744,747,750],{"header":739,"content":740},"How does GitOps help insurance companies balance speed and regulatory compliance?","GitOps enables insurance companies to deploy fast while meeting strict compliance requirements by combining tools like FluxCD with enterprise CI/CD platforms. All deployment configurations become version-controlled code in Git repositories, creating automatic audit trails and enforced approval workflows. This approach satisfies regulators while enabling developer-friendly deployment pipelines.",{"header":742,"content":743},"What makes GitOps configuration management suitable for regulated insurance environments?","GitOps treats entire deployment configurations as real, version-controlled, reviewable code stored in Git repositories. Every YAML file, Helm chart, and configuration parameter is subject to the same controls as application code, including branch protection rules and pull request reviews. This creates a single source of truth that's continuously monitored and automatically reconciled.",{"header":745,"content":746},"How do modern CI/CD pipelines enforce separation of duties for insurance compliance?","CI/CD platforms make separation of duties system-enforced rules rather than guidelines. Developers can push code but cannot approve their own merge requests or trigger production deployments without passing control gates. The person writing premium calculation code cannot approve it for production, and nobody can modify audit logs or bypass necessary approvals.",{"header":748,"content":749},"What compliance features do enterprise CI/CD platforms provide for insurance companies?","Enterprise platforms include comprehensive policy engines with role-based access control mapping to organizational structures, complete audit trails showing who did what and why with approval documentation, automatic retention of build artifacts and security scan results, and change window enforcement that blocks deployments during freeze periods.",{"header":751,"content":752},"How does storing deployment configurations in Git benefit insurance audits?","When deployment configurations live in Git, every change is tracked with complete version history, making audits straightforward. Instead of scrambling through logs when auditors ask about system states on specific dates, teams can check Git project history for simple, verifiable, and impossible-to-argue-with documentation of exactly what was running when.","content:en-us:the-source:security:speed-and-control-gitops-for-insurance-leaders.yml","Speed And Control Gitops For Insurance Leaders","en-us/the-source/security/speed-and-control-gitops-for-insurance-leaders.yml","en-us/the-source/security/speed-and-control-gitops-for-insurance-leaders",{"_path":758,"_dir":24,"_draft":6,"_partial":6,"_locale":7,"slug":759,"type":760,"category":24,"config":761,"seo":762,"content":766,"_id":774,"_type":31,"title":775,"_source":32,"_file":776,"_stem":777,"_extension":35},"/en-us/the-source/security/building-resilient-software-through-secure-development","building-resilient-software-through-secure-development","guide",{"layout":9,"template":451,"featured":6,"gatedAsset":759},{"config":763,"title":764,"description":765},{"noIndex":6},"Building resilient software through secure development","Discover how to automate compliance, reduce security risks, and build resilient software. Learn proven strategies for integrating security into your SDLC.",{"title":764,"description":765,"date":767,"heroImage":768,"keyTakeaways":769,"articleBody":773},"2025-09-22","https://res.cloudinary.com/about-gitlab-com/image/upload/v1761157735/hfazekmlyinw8pvxcm2r.png",[770,771,772],"With 80% of Chief Compliance Officers foreseeing escalating compliance pressures, automating security processes throughout your development lifecycle is critical for maintaining competitive advantage and meeting evolving standards.","Organizations implementing automated compliance solutions eliminate manual audit tasks, allowing developers to focus on innovation while security and governance controls operate seamlessly in the background.","Modern DevSecOps platforms enable organizations to enforce compliance directly in CI/CD pipelines, providing comprehensive audit trails, vulnerability management, and provenance tracking required by federal standards.","In today's threat landscape, software vulnerabilities can swiftly escalate to national security issues. Foreign adversaries conduct sophisticated cyber campaigns costing billions of taxpayer dollars while undermining organizational security and privacy. With Executive Order 14306 reinforcing the government's commitment to secure software development and strengthening NIST's Secure Software Development Framework as the definitive best practice, the question isn't whether to prioritize security, it's how to implement it effectively.\n\n## The challenge: Speed vs. security\nHistorically, organizations have prioritized development speed at the expense of security, leaving critical vulnerabilities in their products. This trade-off became more prominent with widespread DevOps adoption, as rapid release cycles often outpaced security considerations. Manual compliance tracking pulls developers away from core development work, with teams spending significant time on audit tasks and regulatory documentation.\n\nOrganizations navigating multiple compliance frameworks (NIST, FedRAMP, FISMA, ISO 27001, SOC 2) face an even greater challenge. While these frameworks share common controls, they rarely align perfectly, creating manual tracking burdens that scale poorly across complex development environments.\n\n## A strategic approach to embedded security\nThe path forward requires more than checkbox compliance. Organizations that proactively embed compliance requirements into development processes from the outset realize significant competitive advantages, time savings, and cost efficiencies. This means codifying standards and seamlessly integrating security throughout the software development lifecycle rather than treating it as a final gate.\n\nEffective implementation demands automated guardrails that enforce security policies without slowing development velocity. Protected branches, merge request approvals, and automated scanning ensure code stability while maintaining rapid delivery cycles. Security policies act as automated safeguards throughout the software development lifecycle, enforcing specific security actions at each pipeline stage.\n\n## Visibility and control across the supply chain\nModern development environments require answers to fundamental questions: What assets do we have? Are they being scanned? Where are we most at risk? Software bill of materials generation, dependency scanning, and continuous vulnerability monitoring provide the visibility needed to manage risk across sprawling codebases.\n\nStatic reachability analysis enables teams to prioritize remediation based on actual threat exposure rather than scanning all vulnerable dependencies. Comprehensive vulnerability risk assessment data, including EPSS scores and Known Exploited Vulnerabilities status, allows teams to focus on real-world threats.\n\n## From principle to practice\nThe Principle of Least Privilege, developed in the 1970s, remains fundamental to modern security. Implementing sophisticated role-based access control ensures each user and system has precisely the permissions required for designated responsibilities. Fine-grained permissions for both human users and non-human identities minimize blast radius if credentials are compromised.\n\nOrganizations that successfully navigate today's compliance landscape don't treat security as an afterthought. They embed it into every stage of development, automate verification processes, and maintain continuous monitoring. This comprehensive approach transforms compliance from a burden into a competitive advantage.\n\n**Download the complete guide to learn how leading organizations can automate compliance, implement secure guardrails, and build truly resilient software.**","content:en-us:the-source:security:building-resilient-software-through-secure-development.yml","Building Resilient Software Through Secure Development","en-us/the-source/security/building-resilient-software-through-secure-development.yml","en-us/the-source/security/building-resilient-software-through-secure-development",[779,791,829],{"_path":594,"_dir":29,"_draft":6,"_partial":6,"_locale":7,"slug":595,"type":449,"category":29,"config":780,"seo":781,"content":783,"_id":626,"_type":31,"title":627,"_source":32,"_file":628,"_stem":629,"_extension":35},{"layout":9,"template":451,"featured":6,"author":597,"sourceCTA":547},{"config":782,"title":600,"description":601},{"noIndex":6},{"title":600,"description":601,"date":603,"timeToRead":460,"heroImage":604,"keyTakeaways":784,"articleBody":609,"faq":785},[606,607,608],[786,787,788,789,790],{"header":612,"content":613},{"header":615,"content":616},{"header":618,"content":619},{"header":621,"content":622},{"header":624,"content":625},{"_path":792,"_dir":29,"_draft":6,"_partial":6,"_locale":7,"slug":793,"type":449,"category":29,"config":794,"seo":797,"content":801,"_id":825,"_type":31,"title":826,"_source":32,"_file":827,"_stem":828,"_extension":35},"/en-us/the-source/platform/beyond-the-portal-hype-why-you-need-a-platform-first","beyond-the-portal-hype-why-you-need-a-platform-first",{"layout":9,"template":451,"featured":119,"author":795,"sourceCTA":796},"bryan-ross","source-lp-how-to-build-a-resilient-software-development-practice",{"title":798,"ogTitle":798,"description":799,"ogDescription":799,"ogImage":800},"Beyond the portal hype: Why you need a platform first","Discover why many internal developer portals fall short and why a platform-first approach is key to improving developer productivity.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1752086082/z2udikxenysukvroywvb.png",{"title":798,"description":799,"date":802,"timeToRead":803,"heroImage":800,"keyTakeaways":804,"articleBody":808,"faq":809},"2025-07-15T00:00:00.000Z","6 min read",[805,806,807],"Most portal initiatives struggle with adoption because organizations underestimate the product management effort required for successful implementation and ongoing maintenance.","Start by building a robust platform with streamlined workflows and automation before investing in a portal interface; the value of any portal is entirely dependent on the capabilities of the underlying platform.","Consider whether tool consolidation might be more effective than integration; end-to-end solutions can simplify your ecosystem and reduce the need for the complex integrations that portals attempt to solve.","When Spotify released Backstage as an open source project in 2020, it sparked a wave of enthusiasm across the platform engineering community. The promise was compelling: a unified dashboard where developers could discover, access, and consume everything they needed to build software efficiently. Who wouldn't want a sleek “shop front” to simplify the increasingly complex world of software development?\n\nFast forward to today, and the reality has proven more complicated. Despite the initial excitement, many organizations struggle to realize the promised benefits of internal developer portals. \n\n## Portals vs. platforms: What’s the difference?\nAn internal developer portal is a “front door” to your technical ecosystem. It sits atop your developer platform, which integrates different tools to provide standardized workflows and underlying infrastructure and helps enforce governance. While the platform handles the technical implementation of tooling and automation, the portal provides a single pane of glass that makes development resources discoverable and accessible.\n\nBefore we get to the challenges around portals, it’s worth acknowledging the very real challenges they aim to address:\n1. **Discovery obstacles**: Many organizations lack an API catalog, causing developers to struggle to find existing software components, documentation, best practices, and support channels. Portals attempt to solve this by creating a centralized catalog where developers can access these resources through a unified search and navigation experience.\n1. **Tool sprawl**: The modern software development lifecycle relies on numerous specialized tools, each with its own interface and learning curve. [GitLab research](https://about.gitlab.com/developer-survey/) found that 62% of teams use six or more separate tools for software development. Portals address this by integrating these disparate tools behind a consistent interface, reducing the cognitive load of context switching.\n1. **Siloed knowledge**: Teams focused on their specific challenges often create their own workflows and toolchains, hampering cross-team collaboration and leading to duplicated work. Portals aim to break down these silos by making team assets visible across the organization and promoting standardized workflows that encourage collaboration and reuse of existing solutions.\nThese challenges have a measurable business impact: According to the [2024 GitLab Global DevSecOps Report](https://about.gitlab.com/developer-survey/), 78% of developers spend at least a quarter of their time maintaining and integrating toolchains.\n\n## Why portal initiatives often fall short\nIf internal developer portals address genuine business problems, why do these initiatives regularly fail to gain traction? In my conversations with technical leaders at companies of all sizes, I’ve noticed several key factors:\n1. **Insufficient product management**: Many organizations underinvest in release announcements, internal enablement examples, training, and other adoption-fueling activities essential for portal success.\n1. **Dependency on platform capabilities**: A portal is only as valuable as its underlying platform. Without robust platform capabilities, a portal merely presents a unified view of dysfunction.\n1. **Technical complexity**: Organizations often underestimate that a portal is not simply a tool to install but a software development framework requiring significant engineering skills to build and maintain.\n1. **Ongoing investment requirements**: Building and maintaining a portal demands substantial continuous investment, which many organizations underestimate during initial planning stages.\n1. **Limited developer resonance**: Despite being highly discussed in platform engineering circles, a recent CNCF App Development Working Group survey revealed that many developers remain unaware of Backstage — suggesting it may not address problems developers consider material to their work.\n\nThese challenges are particularly acute when building the portal’s frontend interface. A portal essentially functions as a wrapper built around existing tools, aiming to become the single source of truth for developer interactions.\n\nBut here's the catch: If your portal doesn't mirror enough of the functionality of those underlying tools, developers will bypass it and go straight to the underlying tools, making your portal just another item in an already crowded toolchain. At the same time, trying to keep up with feature changes across a dozen backend tools requires a massive ongoing effort. Every time a backend system changes or releases a new capability, the portal team faces the same question: implement, integrate, or ignore?  Providing a single pane of glass is a significant, perpetual engineering investment that most organizations underestimate.\n\n[Netflix, which has deep experience in developer tooling, puts it bluntly](https://www.youtube.com/watch?v=qgFyb28NvlQ): “A common front door for existing tools is insufficient on its own to attract and keep a user base. Rather [it] needs end-to-end experiences not available in other tools to keep users coming back and discovering the additional features and capabilities.”\n\n## The platform-first approach\nOrganizations that have successfully improved developer productivity typically follow a platform-first approach rather than beginning with a portal. Here’s what this looks like in practice:\n1. **Start with developer needs**: Don’t assume what developers need. Speak directly with teams about their challenges and work closely with them to develop solutions that demonstrably improve their day-to-day experiences.\n1. **Focus on platform capabilities first**: Prioritize creating streamlined, automated workflows for regular tasks that incorporate best practices and corporate standards. Any future portal's value will entirely depend on these underlying capabilities.\n1. **Consider tool consolidation before integration**: Portals primarily solve integration issues between tools by abstracting authentication methods and bringing data sources together. Before investing in complex integrations, evaluate whether consolidating tools might simplify your ecosystem. End-to-end solutions across the software development lifecycle can reduce the need for extensive integration work.\n1. **Invest in product management**: Ensure strong product management to encourage platform adoption by new teams and drive new capability adoption by teams who have already embraced the platform.\n\n## When portals make sense\nThis isn’t to say that internal developer portals are inherently flawed. In fact, I’ve worked with several large, mature organizations that successfully use internal developer portals like Backstage, but with a crucial difference in approach and expectations.\n\nOne large financial institution I worked with recently has had tremendous feedback from their portal implementation. Rather than trying to create a single pane of glass for all development activities, their portal was built to serve two specific workflows: developer onboarding and new project scaffolding. When a developer joins a team, the portal guides them through account setup across six different systems, automatically provisioning access based on their team assignment. For new projects, the portal provides developers with an intuitive interface to select an appropriate template and configure it to their needs. The portal then triggers the necessary backend systems to build the required project scaffolding, including an initial code repository and a CI/CD pipeline with [policy-driven testing](https://about.gitlab.com/blog/how-to-use-gitlabs-custom-compliance-frameworks-in-your-devsecops/) and [infrastructure-as-code](https://about.gitlab.com/blog/using-ansible-and-gitlab-as-infrastructure-for-code/) to deploy the application.\n\nSuccessful implementations like this leverage portals for activities that genuinely benefit from a simplified point-and-click interface. The portal doesn't try to be the primary interface for all activity; developers still work directly in their IDEs, Git repositories, and monitoring dashboards.\nCritically, organizations with successful developer portals build solid, capable internal developer platforms first. They also have mature approaches to gathering developer feedback to direct their efforts to real-world points of friction.\n\n## The path forward\nThe message for technical leaders navigating the platform engineering landscape is clear: Start with a strong platform rather than focusing primarily on a portal. Prioritize creating tangible value for developers through automation, standardization, and simplified workflows. Once your platform capabilities mature and deliver measurable benefits, consider adding a portal as an enhancement if specific needs warrant it.\n\nBy taking this measured approach, you'll avoid the common pitfall of implementing a beautiful dashboard that sits atop dysfunction — and instead build developer tooling that genuinely improves productivity, reduces cognitive load, and accelerates innovation.",[810,813,816,819,822],{"header":811,"content":812},"What's the difference between an internal developer portal and a platform?","An internal developer portal is a \"front door\" interface that sits atop your developer platform. The platform handles technical implementation, tooling, and automation with standardized workflows, while the portal provides a single pane of glass that makes development resources discoverable and accessible.",{"header":814,"content":815},"How much time do developers spend on toolchain maintenance and integration?","According to the 2024 GitLab Global DevSecOps Report, 78% of developers spend at least a quarter of their time maintaining and integrating toolchains. GitLab research also found that 62% of teams use six or more separate tools for software development.",{"header":817,"content":818},"Why do internal developer portal initiatives often fail?","Portal initiatives fail due to insufficient product management, dependency on weak platform capabilities, underestimated technical complexity, ongoing investment requirements, and limited developer resonance. Many organizations underestimate that portals require significant continuous engineering investment to maintain feature parity with underlying tools.",{"header":820,"content":821},"What should organizations prioritize before building a developer portal?","Organizations should follow a platform-first approach: start with developer needs assessment, focus on platform capabilities with streamlined automated workflows, consider tool consolidation before integration, and invest in strong product management for adoption. Build robust platform capabilities before adding portal interfaces.",{"header":823,"content":824},"When do internal developer portals make sense to implement?","Portals work best for specific workflows like developer onboarding and new project scaffolding rather than trying to be a single pane of glass for all activities. Successful implementations focus on activities that genuinely benefit from simplified point-and-click interfaces while developers continue using specialized tools directly.","content:en-us:the-source:platform:beyond-the-portal-hype-why-you-need-a-platform-first.yml","Beyond The Portal Hype Why You Need A Platform First","en-us/the-source/platform/beyond-the-portal-hype-why-you-need-a-platform-first.yml","en-us/the-source/platform/beyond-the-portal-hype-why-you-need-a-platform-first",{"_path":830,"_dir":29,"_draft":6,"_partial":6,"_locale":7,"config":831,"seo":832,"content":836,"type":449,"slug":860,"category":29,"_id":861,"_type":31,"title":862,"_source":32,"_file":863,"_stem":864,"_extension":35},"/en-us/the-source/platform/transform-your-platform-onboarding-for-higher-adoption-rates",{"layout":9,"template":451,"author":795,"featured":119,"sourceCTA":527},{"title":833,"description":834,"ogImage":835},"Transform your platform onboarding for higher adoption rates","Redesign your platform onboarding to boost adoption, reduce friction, and create seamless experiences for development teams.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463510/hm90bhwzptl1b2gwovhx.png",{"title":833,"date":837,"description":834,"timeToRead":838,"heroImage":835,"keyTakeaways":839,"articleBody":843,"faq":844},"2025-07-01","4 min read",[840,841,842],"A weak onboarding experience can significantly impact platform adoption, with research showing that one-third of users consider abandoning platforms after poor experiences.","Simple improvements like creating an intuitive landing page, writing clear documentation, and automating access processes can dramatically increase user adoption and satisfaction.","Building effective support systems across multiple channels (chat, email, ticketing) creates trust and ensures users can quickly overcome obstacles during their onboarding journey.","In my work with platform teams across industries, from startups to enterprises, I’ve noticed a consistent blind spot: the onboarding experience. While teams focus intensely on building robust features, they often neglect how new users first encounter their platform - and this oversight can severely limit adoption.\n\nAccording to the [diffusion of innovations theory](https://en.wikipedia.org/wiki/Diffusion_of_innovations), most platforms achieve about 16% adoption before stagnating. That's because innovators and early adopters - representing about 16% of an organization - are often willing to tolerate rough edges, motivated by novelty or vision. The early majority, comprising 34%, is key to going mainstream. They prioritize proven reliability, a clear value proposition, and ease of use. This shift in expectations is the chasm where many platform teams stumble. Your early adopters might forgive a clunky onboarding process, but the early majority won’t.\n\n![Diffusion of Innovation](https://res.cloudinary.com/about-gitlab-com/image/upload/v1752176125/Blog/k6kxdtokv4laph4exsdt.png)\n\n## Start with a memorable, future-proof name\nThe platform's name is likely the first part of the platform that users will engage with. Choose something unique within your organization that’s easy to spell and not tied to specific technologies.\n\nEffective platform names often:\n\n**Reflect your value proposition** rather than the underlying technology. For example, try a name such as “Runway” that reflects the value proposition of helping teams launch faster instead of something more literal like “K8sPipeline.”\n\n**Use simple, memorable words** that evoke the platform’s purpose. Can someone easily understand and spell it after hearing it once? Choosing something simple and easy to remember, such as “Beacon,” will likely serve you better than a unique or creative option such as “Syzygy.”\n\nAvoid these common pitfalls:\n- **Version numbers in names** signal previous failures and raise doubts about longevity.\n- **Generic three-letter acronyms** become instantly forgettable in a sea of other TLAs.\n- **Technology-based names** suggest you prioritize tools over user needs.\n\n## Develop a multi-channel communication strategy\nEffective platform adoption requires deliberate communication planning across multiple channels, from a product website that clearly articulates your platform’s value proposition to user-centric documentation and email updates. Your communication strategy should also include a reliable health dashboard that gives users visibility into known issues and their resolution status. Remember that in enterprise environments, how you communicate about your platform often matters as much as the platform itself. Invest in communication with the same care you invest in your technical infrastructure.\n\n> [Learn more about building a comprehensive communication framework for platform engineering](https://about.gitlab.com/the-source/platform/building-a-communication-strategy-for-platform-engineering-teams/).\n\n## Simplify the access process\nTeams often spend months perfecting platform features while neglecting the most basic step: making it easy to access the platform.\n\nI’ve seen many examples of this at organizations of all sizes, across every industry. Common barriers include:\n\n**Manual onboarding processes** for supposedly self-service platforms. If you can’t fully automate the process, do your best to perform human-in-the-loop tasks asynchronously.\n\n**Time-consuming approval steps** or other barriers that delay initial exploration. One great solution to this is to offer immediate, temporary access to your platform for free for 30 days. This is long enough for someone to decide if your platform helps them and raise the necessary request to gain full access.\n\n**Mandatory training requirements** before users can begin. Training is valuable, but it should be required within a period of joining the platform rather than being a prerequisite.\n\n## Don’t neglect design and tone\nFirst impressions are largely visual. An outdated or inconsistent interface can deter users even if your functionality is excellent. Pay attention to branding, color schemes, and the tone of your messaging. These details might seem trivial, but they set the tone for user engagement.\n\nAim for clear, human communication rather than technical jargon. A user-friendly tone makes your platform more approachable to diverse stakeholders.\n\n## Build responsive support systems\nEven the best platforms need support, and nothing builds trust faster than responsive help when users encounter problems. Your primary goal during support interactions should be minimizing user frustration.\n\nCreate an effective support framework by leveraging multiple channels:\n- **Support tickets** provide accountability and integration with other systems.\n- **Email communication** works well for complex topics requiring clarity.\n- **Chat systems** enable real-time problem-solving when users are “in the flow.”\n\nBe present where your users are, even if that means monitoring multiple communication tools. Aim to answer chat queries within 30-60 minutes, and always follow up publicly so others can benefit from solutions.\n\n## The path to successful platform adoption\nOrganizations that prioritize user experience from day one gain significant advantages in adoption rates and user satisfaction. By creating intuitive onboarding processes, clear documentation, and responsive support systems, you transform the user journey from frustration to delight.\n\nRemember that your platform users are making a critical decision: whether your solution deserves their time and trust. A thoughtful onboarding experience tells them you value that investment - and dramatically increases your chances of widespread adoption.",[845,848,851,854,857],{"header":846,"content":847},"Why is platform onboarding so important to user adoption?","Poor onboarding experiences are a leading cause of stalled platform adoption. Research shows that one-third of users consider abandoning platforms after a frustrating first encounter. A thoughtful, streamlined onboarding process helps build trust and accelerates user engagement.",{"header":849,"content":850},"What are the most common onboarding mistakes platform teams make?","Teams often over-engineer platform features while neglecting usability basics. Common mistakes include clunky access processes, mandatory training before usage, poor visual design, inconsistent messaging, and weak support channels, all of which discourage adoption.",{"header":852,"content":853},"How can platform teams improve onboarding access without sacrificing control?","Offer temporary, self-service access, such as a 30-day trial, to remove early friction. If full automation isn’t possible, use asynchronous human-in-the-loop onboarding and avoid approval-heavy workflows that delay initial exploration and testing.",{"header":855,"content":856},"What role does naming and communication play in platform success?","A clear, future-proof name and consistent multi-channel communication strategy help build platform recognition and trust. Names should reflect user value, not technology, while communication must include user-focused documentation, health dashboards, and regular updates.",{"header":858,"content":859},"How should platform support be structured during onboarding?","Support should be fast, responsive, and multi-modal. Use tickets for tracking, email for clarity, and chat for real-time help. Aim for quick response times and always share publicly resolved issues to benefit all users.","transform-your-platform-onboarding-for-higher-adoption-rates","content:en-us:the-source:platform:transform-your-platform-onboarding-for-higher-adoption-rates.yml","Transform Your Platform Onboarding For Higher Adoption Rates","en-us/the-source/platform/transform-your-platform-onboarding-for-higher-adoption-rates.yml","en-us/the-source/platform/transform-your-platform-onboarding-for-higher-adoption-rates",[866,892,904],{"_path":867,"_dir":20,"_draft":6,"_partial":6,"_locale":7,"slug":868,"type":869,"category":20,"config":870,"seo":875,"content":880,"_id":888,"_type":31,"title":889,"_source":32,"_file":890,"_stem":891,"_extension":35},"/en-us/the-source/ai/webcast-nov18-dora-gitlab-maximizing-ai-impact","webcast-nov18-dora-gitlab-maximizing-ai-impact","webinar",{"layout":9,"template":451,"featured":6,"speakers":871,"gatedAsset":874},[872,452,873],"nathen-harvey","jessie-young","dora-insights-2025",{"config":876,"title":877,"description":878,"ogImage":879},{"noIndex":6},"DORA and GitLab on maximizing AI impact on software delivery","Join this live webinar with DORA and GitLab experts to discover what really determines AI success in software development teams.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1760556275/zvygc1uasccpzg3sdvo6.png",{"title":881,"description":878,"date":882,"keyTakeaways":883,"articleBody":887,"heroImage":879},"AI as an amplifier: DORA and GitLab on maximizing AI impact","2025-11-18T16:00Z",[884,885,886],"Organizational capabilities, not tools, determine AI success. High-performing organizations see accelerated value delivery while fragmented teams experience magnified dysfunction.","Research shows a direct correlation between high-quality internal platforms and an organization's ability to unlock AI value at scale.","While executives project $750B in potential value and expect 50/50 human-AI partnerships, current reality shows humans doing 75% of the work. Understanding this gap is key to effective AI adoption.","***Is AI helping or hurting your software development team?***\n\nNew research from GitLab reveals that AI-powered software innovation is the new economic growth engine, potentially unlocking billions in value.\n\nAt the same time, DORA research reveals a critical insight: AI doesn't create high performance. It amplifies what already exists. In well-aligned organizations, AI accelerates value delivery and improves flow. In fragmented ones, it exposes bottlenecks and magnifies dysfunction.\n\nThe implications are profound. Organizations are pouring resources into AI tools, expecting transformative results. Yet many are discovering that without the right foundation — quality internal platforms, clear workflows, aligned teams — AI investments fall short. Meanwhile, teams with strong organizational capabilities are seeing exponential gains.\n\nJoin Nathen Harvey from DORA alongside GitLab's Emilio Salvador and Jessie Young for an interactive fireside chat exploring what really determines whether AI investments pay off.\n\n## What you'll learn\n\n**The current state of AI adoption:** Get the latest numbers from GitLab's annual research on how organizations are adopting AI and where C-level executives and DevSecOps practitioners have rising concerns.\n\n**The AI amplifier effect:** Discover why organizational capabilities, not AI tools, determine whether AI helps or hurts your software delivery performance. Learn how AI acts as both a mirror and multiplier, reflecting and amplifying your organization's existing strengths and weaknesses. Understand why the greatest returns on AI investment come from strategic focus on your underlying organizational system rather than the tools themselves.\n\n**The flexibility imperative:** Learn why successful AI adoption requires the flexibility to choose and switch between different AI tools and models rather than being locked into a single vendor solution. Understand how providing teams with options for AI model selection builds trust by allowing them to use tools that best fit their specific use cases, compliance requirements, and comfort levels.\n\n**The seven capabilities that matter:** Learn about the DORA AI Capabilities Model and understand which organizational factors unlock AI's potential and which expose existing weaknesses. Gain a practical framework for assessing where your organization stands and identify the specific capabilities you need to develop to maximize AI impact on your team.\n\n**Platform engineering's critical role:** See the direct correlation between high-quality internal platforms and an organization's ability to capture AI value. Discover why platform quality, workflow clarity, and team alignment are the true differentiators in AI success, and learn how to build platforms that enable experimentation while providing necessary standardization.\n\n**The human-AI partnership paradox:** While 73% of executives believe AI-human partnership should be at least 50/50, the current reality is that humans handle three quarters of the work. Learn what this disconnect means for your team and how to bridge it effectively, while preserving the human contributions that matter most: creativity and strategic vision.\n\n**From AI hype to AI value:** Move beyond adoption metrics to implementation insights. Learn how practitioners are securing executive buy-in using AI insights, navigating the tension between standardization and experimentation, and addressing the reality that technology can only help you as much as you can help yourself. Discover actionable strategies that you can turn into real outcomes for your organization.\n\n## Who should attend\n\nThis webinar is designed for:\n\n* Engineering leaders evaluating AI investment strategies\n* Platform engineering teams building internal developer platforms\n* Technical decision-makers responsible for tooling and productivity\n* DevSecOps practitioners implementing AI-assisted workflows\n* Software development managers looking to optimize team performance\n\nJoin the webinar to get exclusive access to the latest DORA and GitLab research reports and hear expert commentary on the findings.\n\nCan’t make it live? Registration also includes access to the on-demand recording.\n\nWhether you're just beginning your AI journey or scaling existing implementations, you'll gain actionable insights on aligning organizational capabilities to maximize AI impact.","content:en-us:the-source:ai:webcast-nov18-dora-gitlab-maximizing-ai-impact.yml","Webcast Nov18 Dora Gitlab Maximizing Ai Impact","en-us/the-source/ai/webcast-nov18-dora-gitlab-maximizing-ai-impact.yml","en-us/the-source/ai/webcast-nov18-dora-gitlab-maximizing-ai-impact",{"_path":631,"_dir":20,"_draft":6,"_partial":6,"_locale":7,"slug":632,"type":449,"category":20,"config":893,"seo":894,"content":896,"_id":663,"_type":31,"title":664,"_source":32,"_file":665,"_stem":666,"_extension":35},{"layout":9,"template":451,"featured":6,"author":634,"sourceCTA":453},{"config":895,"title":637,"description":638},{"noIndex":6},{"title":637,"description":638,"date":640,"timeToRead":460,"heroImage":641,"keyTakeaways":897,"articleBody":646,"faq":898},[643,644,645],[899,900,901,902,903],{"header":649,"content":650},{"header":652,"content":653},{"header":655,"content":656},{"header":658,"content":659},{"header":661,"content":662},{"_path":447,"_dir":20,"_draft":6,"_partial":6,"_locale":7,"slug":448,"type":449,"category":20,"config":905,"seo":906,"content":908,"_id":483,"_type":31,"title":484,"_source":32,"_file":485,"_stem":486,"_extension":35},{"layout":9,"template":451,"featured":119,"author":452,"sourceCTA":453},{"config":907,"title":456,"description":457},{"noIndex":6},{"title":456,"description":457,"date":459,"timeToRead":460,"heroImage":461,"keyTakeaways":909,"articleBody":466,"faq":910},[463,464,465],[911,912,913,914,915],{"header":469,"content":470},{"header":472,"content":473},{"header":475,"content":476},{"header":478,"content":479},{"header":481,"content":482},[917,932,945],{"_path":918,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":920,"title":921,"description":922,"link":923,"_id":929,"_type":31,"_source":32,"_file":930,"_stem":931,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age","source-lp-ctas",{"slug":528},"Application security in the digital age","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are grappling with increasing attack surfaces and changing attitudes towards security and AI.",{"text":924,"config":925},"Read the report",{"href":926,"dataGaName":927,"dataGaLocation":928},"/developer-survey/2024/security-compliance/","Application Security in the Digital Age","thesource","content:shared:en-us:the-source:source-lp-ctas:application-security-in-the-digital-age.yml","shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age.yml","shared/en-us/the-source/source-lp-ctas/application-security-in-the-digital-age",{"_path":933,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":934,"title":935,"description":936,"link":937,"_id":942,"_type":31,"_source":32,"_file":943,"_stem":944,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience",{"slug":527},"DevSecOps: The key to modern security resilience","Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.",{"text":938,"config":939},"Download the guide",{"href":940,"dataGaName":941,"dataGaLocation":928},"/the-source/security/devsecops-the-key-to-modern-security-resilience/","DevSecOps the key to modern security resilience","content:shared:en-us:the-source:source-lp-ctas:source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/source-lp-ctas/source-lp-devsecops-the-key-to-modern-security-resilience",{"_path":946,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":947,"title":948,"description":949,"link":950,"_id":955,"_type":31,"_source":32,"_file":956,"_stem":957,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms",{"slug":526},"Guide to dynamic SBOMs: An integral element of modern software development","Learn how to gain visibility into previously unidentified organizational risks with a software bill of materials (SBOM).",{"text":951,"config":952},"Read the guide",{"href":953,"dataGaName":954,"dataGaLocation":928},"/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs","content:shared:en-us:the-source:source-lp-ctas:source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/source-lp-ctas/source-lp-guide-to-dynamic-sboms",[959,971,983],{"_path":960,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":961,"title":962,"description":963,"link":964,"_id":968,"_type":31,"_source":32,"_file":969,"_stem":970,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/source-lp-building-a-resilient-software-development-practice",{"slug":549},"Building a resilient software development practice","Learn strategies to bolster your team's effectiveness amid shifts in the industry with a standardized approach to software development.",{"text":951,"config":965},{"href":966,"dataGaName":967,"dataGaLocation":928},"/the-source/platform/building-a-resilient-software-development-practice/","Building a Resilient Software Development Practice","content:shared:en-us:the-source:source-lp-ctas:source-lp-building-a-resilient-software-development-practice.yml","shared/en-us/the-source/source-lp-ctas/source-lp-building-a-resilient-software-development-practice.yml","shared/en-us/the-source/source-lp-ctas/source-lp-building-a-resilient-software-development-practice",{"_path":972,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":973,"title":974,"description":975,"link":976,"_id":980,"_type":31,"_source":32,"_file":981,"_stem":982,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/source-lp-measuring-success-in-software-development-a-guide-for-leaders",{"slug":548},"Measuring success in software development: A guide for leaders","Discover how to measure software delivery performance with key metrics that optimize workflows, enhance team productivity, and drive better decisions.",{"text":938,"config":977},{"href":978,"dataGaName":979,"dataGaLocation":928},"/the-source/platform/measuring-success-in-software-development-a-guide-for-leaders/","Measuring success in software development","content:shared:en-us:the-source:source-lp-ctas:source-lp-measuring-success-in-software-development-a-guide-for-leaders.yml","shared/en-us/the-source/source-lp-ctas/source-lp-measuring-success-in-software-development-a-guide-for-leaders.yml","shared/en-us/the-source/source-lp-ctas/source-lp-measuring-success-in-software-development-a-guide-for-leaders",{"_path":984,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":985,"title":986,"description":987,"link":988,"_id":992,"_type":31,"_source":32,"_file":993,"_stem":994,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams",{"slug":547},"The ultimate playbook for high-performing DevSecOps teams ","Learn how to tackle issues like deployment slowdowns, lack of collaboration, and developer burnout.",{"text":989,"config":990},"Read the ebook",{"href":991,"dataGaName":986,"dataGaLocation":928},"/the-source/platform/the-ultimate-playbook-for-high-performing-devsecops-teams/","content:shared:en-us:the-source:source-lp-ctas:source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams.yml","shared/en-us/the-source/source-lp-ctas/source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams.yml","shared/en-us/the-source/source-lp-ctas/source-lp-the-ultimate-playbook-for-high-performing-devsecops-teams",[996,1008,1020],{"_path":997,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":998,"title":999,"description":1000,"link":1001,"_id":1005,"_type":31,"_source":32,"_file":1006,"_stem":1007,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/navigating-ai-maturity-in-devsecops",{"slug":506},"Navigating AI maturity in DevSecOps","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are incorporating AI into the software development lifecycle.",{"text":924,"config":1002},{"href":1003,"dataGaName":1004,"dataGaLocation":928},"/developer-survey/2024/ai/","Navigating AI Maturity in DevSecOps","content:shared:en-us:the-source:source-lp-ctas:navigating-ai-maturity-in-devsecops.yml","shared/en-us/the-source/source-lp-ctas/navigating-ai-maturity-in-devsecops.yml","shared/en-us/the-source/source-lp-ctas/navigating-ai-maturity-in-devsecops",{"_path":1009,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":1010,"title":1011,"description":1012,"link":1013,"_id":1017,"_type":31,"_source":32,"_file":1018,"_stem":1019,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/source-lp-ai-guide-for-enterprise-leaders-building-the-right-approach",{"slug":507},"AI guide for enterprise leaders: Building the right approach","Download our guide for enterprise leaders to learn how to prepare your C-suite, executive leadership, and development teams for what AI can do today — and will do in the near future — to accelerate software development.",{"text":951,"config":1014},{"href":1015,"dataGaName":1016,"dataGaLocation":928},"/the-source/ai/ai-guide-for-enterprise-leaders-building-the-right-approach/","AI Guide For Enterprise Leaders: Building the Right Approach","content:shared:en-us:the-source:source-lp-ctas:source-lp-ai-guide-for-enterprise-leaders-building-the-right-approach.yml","shared/en-us/the-source/source-lp-ctas/source-lp-ai-guide-for-enterprise-leaders-building-the-right-approach.yml","shared/en-us/the-source/source-lp-ctas/source-lp-ai-guide-for-enterprise-leaders-building-the-right-approach",{"_path":1021,"_dir":919,"_draft":6,"_partial":6,"_locale":7,"config":1022,"title":1023,"description":1024,"link":1025,"_id":1029,"_type":31,"_source":32,"_file":1030,"_stem":1031,"_extension":35},"/shared/en-us/the-source/source-lp-ctas/source-lp-how-to-get-started-using-ai-in-software-development",{"slug":505},"How to get started using AI in software development","Learn how to strategically implement AI to boost efficiency, security, and reduce context switching. Empower every member of your team with AI capabilities.",{"text":938,"config":1026},{"href":1027,"dataGaName":1028,"dataGaLocation":928},"/the-source/ai/getting-started-with-ai-in-software-development-a-guide-for-leaders/","How to Get Started Using AI in Software Development","content:shared:en-us:the-source:source-lp-ctas:source-lp-how-to-get-started-using-ai-in-software-development.yml","shared/en-us/the-source/source-lp-ctas/source-lp-how-to-get-started-using-ai-in-software-development.yml","shared/en-us/the-source/source-lp-ctas/source-lp-how-to-get-started-using-ai-in-software-development",1762543544230]