GitLab is deploying AI agents that automate the annoying manual tasks in security and planning to help DevSecOps teams cut through the noise.
Tech leaders know that the problem with current software delivery isn’t a lack of tools, it’s that there’s too much going on. Dev teams are swamped by chaos. Security dashboards are full of thousands of vulnerabilities, but only a few are a real threat.
In response, developers are always switching gears – planning, checking security, reviewing code, dealing with failures – which wastes a ton of time on busywork. This constant distraction kills productivity and puts the business at risk.
GitLab’s 18.5 release is trying to fix this mess, not by adding more dashboards, but by being smarter.
From AI chat to automated work
GitLab Duo Agent Platform features AI agents that are like automated DevSecOps team members, not just general helpers.
For security teams, the Security Analyst Agent turns manual vulnerability checks into smart automation. It doesn’t just find problems; it runs different tools and automatically applies security rules. The agent looks at the data, follows the set rules, and does the work quickly.
On the project management side, the GitLab Duo Planner tackles the real planning headaches that slow down product managers. The agent knows about your project and agile methods. Instead of digging through an old backlog, a manager can ask: What backlog items are out of date, and what should I focus on? The agent gives a summary, finds duplicates, and suggests priorities based on labels and milestones.
How it works and fits into your workflow
These AI features are in a new-look interface with a panel layout. This keeps the GitLab Duo Chat always visible, so the AI assistant is part of the DevSecOps workflow, not hidden away. Companies have time to adjust (the new UI is off by default in 18.5) but should become the standard in 18.6.
Some things to keep in mind for companies:
- First, the Duo Planner is read-only right now. It can look at things, plan, and suggest, but can’t actually make changes. This limits how much it can automate, since a person has to do the final steps.
- Second, some industries need to keep their data secure. The self-hosted GitLab Duo Agent Platform (in beta) helps with this. It lets companies run AI agents within their own systems, so sensitive data stays safe.
- Third, GitLab knows that companies use different AI platforms. The Extensible Agent Catalog adds popular AI tools as GitLab agents. This includes agents from Claude, OpenAI Codex, Google Gemini CLI, and Amazon Q Developer. This makes it easier to set up agents and lets teams use existing tools like Google Vertex AI or AWS Bedrock in their GitLab workflows.
AI’s role in helping DevSecOps teams focus on real threats
Beyond the AI agents, GitLab’s 18.5 release focuses on more intelligent security tools. The key thing for leaders is to focus on risks that can be exploited, not just potential risks.
New features like Static Reachability Analysis help teams see if vulnerable code is actually used, not just sitting there in dependencies. This, along with Secret Validity Checks that find active secrets from old ones, helps security teams fix real and urgent problems.
This focus on efficiency goes into the developer process, too. Diff-based SAST scanning speeds up scans by only looking at the code that changed. By cutting down on extra work, this gives faster feedback to keep developers focused.
For business leaders, GitLab 18.5 has two important things to note. First, AI is becoming more than just a chat helper for DevSecOps teams; it’s providing a set of special agents for tasks like security checks and planning. Second, the platform is working to reduce the noise; filtering out unimportant vulnerabilities and speeding up processes to help developers be productive and lower risks.
See also: Cisco tackles AI coding security with open-source framework
Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events including the Cyber Security Expo, click here for more information.
Developer is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here.