惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
IT之家
IT之家
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Y
Y Combinator Blog
博客园 - 【当耐特】
The Cloudflare Blog
宝玉的分享
宝玉的分享
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Visual Studio Blog
小众软件
小众软件
博客园_首页
Last Week in AI
Last Week in AI
J
Java Code Geeks
V
V2EX
雷峰网
雷峰网
Apple Machine Learning Research
Apple Machine Learning Research
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
博客园 - 司徒正美
Engineering at Meta
Engineering at Meta
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
DataBreaches.Net
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
云风的 BLOG
云风的 BLOG
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
T
The Blog of Author Tim Ferriss
N
Netflix TechBlog - Medium
F
Full Disclosure
B
Blog
H
Help Net Security
C
Check Point Blog
WordPress大学
WordPress大学
人人都是产品经理
人人都是产品经理
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
L
LangChain Blog
P
Proofpoint News Feed
D
Docker
Microsoft Security Blog
Microsoft Security Blog

GitLab

Green DevOps: Why carbon measurement belongs in your CI/CD pipeline GitLab Patch Release: 19.1.2, 19.0.4, 18.11.7 How we used AI agents to migrate GitLab rate limiting Keep your GitLab seats in check with restricted access GitLab Patch Release: 18.8.11 | GitLab Docs Claude Sonnet 5 on GitLab: More reliable, more efficient What Google Antigravity agents get full context with GitLab Orbit GitLab Patch Release: 19.1.1, 19.0.3, 18.11.6 GitLab 19.1 release notes | GitLab Docs AI Catalog updates for governance and operations One vulnerability view: From scanner coverage to AI governance GitLab named a Leader in the 2026 Gartner® Magic Quadrant™ for DevSecOps Platforms GitLab and Capgemini accelerate DevSecOps transformation Introducing the 2026 EMEA GitLab Partner Award winners GitLab Patch Release: 19.0.2, 18.11.5, 18.10.8 Introducing GitLab Orbit GitLab Flex: Commit once, reshape your seats and AI spend GitLab: Built for the agentic engineering era GitLab on Google Cloud: Fully managed, compliant, and AI-ready Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting Mythos-class Claude Fable 5 arrives on GitLab Duo Agent Platform GitLab Patch Release: 19.0.1, 18.11.4, 18.10.7 Claude Opus 4.8 on GitLab: Complex agentic work, less disruption Agentic coding is only as good as its context GitLab Patch Release: 18.9.8, 18.8.10, 18.7.7, 18.6.8, 18.5.7 Full security scanner coverage of your codebase in minutes Reduce supply chain risk with SBOM-based dependency scanning Transform MRs from manual tasks to an automated workflow Track CI component usage across your organization Manage CI/CD credentials with GitLab Secrets Manager More AI models for GitLab Duo Agent Platform Self-Hosted GitLab 19.0 | GitLab Docs GitLab Dedicated for Government now GovRAMP-authorized Fix bugs with Codex and GitLab 5 ways to fix misleading vulnerability severities with policy Harden your pipeline perimeter for the era of AI-assisted coding GitLab Patch Release: 18.11.3, 18.10.6, 18.9.7 GitLab Act 2 Consolidate your GitLab stack with Gitaly on Kubernetes Limit token exposure with fine-grained PATs Automate deployment processes with GitLab Duo Agent Platform Claude Code and GitLab: Three workflows that ship 8 Agentic AI patterns reshaping team collaboration How to detect and prevent Contagious Interview IDE attacks Atlassian will train on your data: Opt out with GitLab Automate detection testing with GitLab CI/CD and Duo
Beyond BYOK: Why governance matters for AI agents
Jessica Hurwitz · 2026-05-18 · via GitLab

GitHub recently announced that Copilot CLI now supports bring-your-own-key (BYOK) and locally running models. Developers can route CLI requests through their own model provider or run a local model entirely offline.

But model selection is a starting point, not a destination. The harder problem is what happens when AI starts taking actions across your software delivery pipeline. Triggering builds. Interacting with your CI/CD configuration. That's where the architectural choices underneath a CLI tool start to matter.

Two different definitions of "terminal AI"

GitHub's announcement extends what Copilot can do at the developer's individual workstation. There is no organization-level control that enforces which model a team uses or produces an auditable record of what the agent did and why. For teams running AI in automated workflows, it's a meaningful gap.

GitLab Duo CLI starts from a different premise. Built on GitLab Duo Agent Platform, it's designed for both the developer sitting at a terminal and teams with their agents automating security, verification, compliance and deployment workflows across many projects, each with many release cycles. To further improve end-to-end automation, GitLab Duo CLI supports headless mode: non-interactive, scriptable, and built to run inside CI/CD pipelines. With Duo CLI, governance controls apply through to the pipeline execution.

Why model choice isn't the same as governance

The first generation of AI coding tools was optimized for the interactive session: a developer asking questions, reviewing suggestions, accepting or rejecting completions. The security model for that use case is relatively straightforward because a human is in the loop at every step.

Agentic AI in automated workflows is a different challenge. When an agent can run tests, modify configurations, and take multi-step actions across your software delivery lifecycle without a human reviewing each step, the security requirements change significantly. The questions that matter are no longer just "which model is this?" They become: what can this agent access? What is it authorized to do? What actions did it take and can I prove it?

GitLab Duo CLI addresses these uniformly at the platform level. In interactive mode, no action is taken without human-in-the-loop approval. Prompt injection detection, which prevents malicious inputs from hijacking agent behavior mid-workflow, is built into the GitLab Duo Agent Platform. Composite identity scopes what the agent can access to only what it has been explicitly authorized to use, making every AI-driven action auditable. Custom instruction files like AGENTS.md and SKILL.md let teams define precisely which tasks and actions their agents are permitted to take.

Key use case: CI/CD pipeline automation

The workflows where CLI-based AI can create real leverage include debugging broken pipelines at the end of a sprint, and running multi-step development tasks.

These are also the workflows where per-developer configuration and platform-level governance diverge most sharply. When an agent is running inside a pipeline, there's no developer available to approve a prompt injection attempt or notice that the model behaved unexpectedly. Instead, the security controls have to be in the platform, and they have to be consistent across every workflow and every environment.

The right question for engineering leaders

Before committing to any AI tooling at the platform level, it's worth asking: Does the implementation require enterprise-level control? And, should the security model hold when no human is watching?

Model flexibility and offline support for CLI tools are critical for teams to gain more control over which AI models. The governance architecture underneath such model selection is what determines whether a capability can be deployed in production.

GitLab Duo CLI powered by Duo Agent Platform supports a mix of self-hosted and GitLab-hosted models, meaning teams can keep their most sensitive workloads on infrastructure they control while using GitLab-hosted models for everything else. That flexibility matters for organizations that want greater data sovereignty, without having to wait for the full infrastructure.

Use GitLab Duo CLI today

You can experience the benefits of GitLab Duo CLI by starting a free trial of GitLab Duo Agent Platform.

If you are already using GitLab in the free tier, you can sign up for GitLab Duo Agent Platform by following a few simple steps.

And if you are an existing subscriber to GitLab Premium or Ultimate, you can take advantage of GitLab Duo CLI by simply turning on Duo Agent Platform and using the GitLab Credits that are included with your subscription.