惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

有赞技术团队
有赞技术团队
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
C
Cisco Blogs
The Hacker News
The Hacker News
T
Threatpost
S
Schneier on Security
K
Kaspersky official blog
Spread Privacy
Spread Privacy
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
NISL@THU
NISL@THU
量子位
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Google DeepMind News
Google DeepMind News
Security Latest
Security Latest
博客园 - 司徒正美
云风的 BLOG
云风的 BLOG
博客园 - 叶小钗
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
News and Events Feed by Topic
爱范儿
爱范儿
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
Project Zero
Project Zero
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Cisco Talos Blog
Cisco Talos Blog
GbyAI
GbyAI
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Apple Machine Learning Research
Apple Machine Learning Research
T
Tenable Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
Vulnerabilities – Threatpost
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
C
Cyber Attacks, Cyber Crime and Cyber Security
N
News and Events Feed by Topic
V
V2EX
Webroot Blog
Webroot Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Blog — PlanetScale
Blog — PlanetScale
M
MIT News - Artificial intelligence
Scott Helme
Scott Helme
Simon Willison's Weblog
Simon Willison's Weblog
L
LangChain Blog
W
WeLiveSecurity
Cloudbric
Cloudbric

The New Stack | DevOps, Open Source, and Cloud Native News

Agentic development hinges on verification. For cloud-native software, that is a runtime problem. AI agents need infrastructure: Why Europe’s regional cloud strategy matters Transform your AI coding agent into a deterministic Java Spring expert WeAreDevelopers is coming to the US to give unsung developers a bigger voice Cleaner AI training data, fewer bugs: Sonar’s SonarSweep explained Observability overload is drowning engineers Google’s DiffusionGemma is 4x faster than its other Gemma models Fable 5: Guardrails and burn rate are annoying users, who say it’s still better than Opus 4.8 The Anthropic leader who built Claude Code says he ditched prompting — now he just writes loops. AWS can now mathematically prove your VMs are isolated Microsoft pulled 73 GitHub repos after malware attack — but still won’t say who’s compromised Databricks wants to kill the “email me a file” problem for AI agent skills Ramp bets forward deployed engineers can do what off-the-shelf finance AI can’t Git real: AI agents aren’t just for solo developers anymore Anthropic launches Claude Mythos/Fable 5, but you better try it soon This AI agent startup ditched Anthropic for DeepSeek — and says it’s saving millions When your data model is the bottleneck: lessons from Medium’s feature store How long before we stop reading the code? The tokenmaxxing party is over, and Revenium is mopping up How AI is solving the memory crunch it created Microsoft’s pitch to enterprises: Ditch Azure Repos for GitHub, despite its rocky reliability record Claude Code’s biggest upgrade yet ran 5 agents at once — here’s what happened Why Anthropic just doubled Claude Cowork limits at no charge For years, Apache Cassandra handed this work to your team — 6.0 takes it back “A dangerous combination”: The 2 factors that can “corrupt” AI agent workflows With Foundry, Microsoft bets the enterprise AI battle is about reliability, not capability Microsoft unlocks Visual Studio for developers left behind by its own AI AI teams now deploy 1,000 times a month. Your pipeline wasn’t built for that. Microsoft just made the agent runtime free — and kept everything around it “Whoever builds the most joyous product wins”: The agent war begins Netlify CTO Dana Lawson: Writing code is no longer the job From Jupyter Notebook to production: How to ship AI systems that actually work OpenClaw used Gavriel Cohen’s code and exposed the AI Agent accountability problem Replit shows how vibe coding is getting its own financial stack — and a path to profit Cloudflare aqui-hires VoidZero: Did a piece of the open web just stabilize, or become more brittle? Cursor cuts prices and adds enterprise spend controls amid “tokenomics” reckoning Google Gemma 4 12B nearly matches 26B benchmarks — and runs on your laptop Snowflake thinks it knows what’s really slowing developers down Autonomous agents have met their biggest challenge yet: The database. Why agentic AI makes the ops platform the most important layer in the enterprise How to dramatically improve enterprise security alert tuning to battle cyberattacks Why the need for humans won’t disappear in the age of autonomous databases How to secure Kubernetes in the age of AI workloads Asana says its new AI “chief of staff” turns your Slack chaos into trackable work Nvidia’s best model is now live Mate Security’s Asaf Wiener made every backend engineer a model router. He’s right to. The AI cost crisis finally has a watchdog — just not the companies causing it How to get operational data off the factory floor without creating an IT breach Why CPUs still matter in the age of AI agents Rayfin: Microsoft’s answer to the gap between vibe coding and enterprise production Microsoft bets the enterprise AI race will be won on data context, not model power “A successful attack could be catastrophic”: Anthropic gives more groups access to Claude Mythos How GitHub plans to win developers back Microsoft really, really, really wants developers to love Windows again With Intelligent Terminal, Microsoft is reinventing the Windows terminal Microsoft debuts “Scout” at Build, a new personal agent for work OpenAI’s Codex adds new tools — Sites, Annotations, more plugins — for knowledge workers GitHub Copilot’s usage-based billing is live: Here’s what you need to know OpenAI, Anthropic, Google, Amazon, and xAI all fail on type of attack, study finds JetBrains open-sources Mellum2 to go where Claude Code can’t Claude Code vs. Cursor vs. Codex vs. Antigravity — six months in This coding agent doesn’t want your feedback — it ships without it “Blowing things up”: The one move vendors got wrong on AI agents At Sapphire, SAP makes the case that enterprise AI is a context problem Gavriel Cohen found his own code inside OpenClaw, so he walked away AI retrieval at scale is becoming a systems problem, not a tooling problem The DIY platform trap that’s burning out engineering teams I tested Cursor’s new Jira integration and it’s 5 stars, no notes. Here’s why. Why GPT-5.4, Claude, and Gemini can’t agree on basic, real-world facts Replit’s vibe coding platform just got a Visa-backed identity layer for AI agents — and it changes how agents spend money Opus 4.8 Made Claude Smarter. Token Discipline Got Urgent. Why Linux creator Linus Torvalds gets angry hearing “99% of code is AI” Vendor neutrality isn’t magic: A hard look at the OpenTelemetry ecosystem “The AI did it” won’t save you when EU regulators come knocking The fix for soaring AI cloud bills exists — so why won’t we trust it? AI is shipping code faster than security was built to handle Why AWS scrapped OpenSearch’s architecture to chase agent workloads Claude Opus 4.8 is here: effort controls, dynamic workflows, cheaper fast mode, better honesty, less deception Percona celebrates 20th birthday with new foundation — and a goat cake Why OpenAI and Anthropic are hiring forward deployed engineer teams Claw-style AI agents are coming to the enterprise. The governance infrastructure is still catching up. The agentic identity crisis: Why your security isn’t ready for the AI revolution Debugging the undebuggable: building observability into probabilistic AI systems Snowflake commits $6B to AWS as it pushes deeper into AI Why MotherDuck refuses to fork DuckDB Researcher “gave Claude Code ‘ADHD’… and it thinks 2x better now.” Outside experts want more proof. “There is no accountability”: AI coding agents are installing packages no one owns “Tokenmaxxing is real, expensive & it’s spreading”: AI budgets are exploding With Google’s debut, the most important AI agent feature is now the most boring one Why AI agents need a Context Lake Google ranks the best AI for building Android apps, and the winner isn’t Gemini Google pushes Pro, Ultra, and free users from open-source Gemini CLI to closed-source Antigravity CLI The reason enterprise outages almost never start where ops teams think Taming the agentic influx: a blueprint for AI business observability How the AC/DC framework helps teams govern AI coding agents GitLab 19.0 trades its string section for a full DevSecOps orchestra Who’s monitoring the agents? How Jaeger hit 8.6× compression on 10 million spans with ClickHouse What ClickHouse learned from a year of coding with AI agents OpenClaw passed 300,000 GitHub stars. Then Google launched Spark.
Greptile, Cursor, and Devin agree that agents should run their code. What they run it against matters.
Arjun Iyer · 2026-06-27 · via The New Stack | DevOps, Open Source, and Cloud Native News

The industry has recognized that shipping agent code at scale requires runtime verification, and it is moving that way fast. However, the scope of that verification remains limited for most teams.

A consensus is forming in agentic development: To ship code from agents at scale, you have to enable them to verify their code at runtime. Static verification, reading the diff and running unit tests against mocks, is not enough. 

The constraint is knowing whether what an agent produced actually works, and that answer only exists once the code runs. So the industry is moving verification out of the human review queue and into the agent’s own loop, giving agents a place to run their work and check it before a person ever sees the change. 

“The industry has recognized that shipping agent code at scale requires runtime verification, and it is moving that way fast. However, the scope of that verification remains limited for most teams.”

Greptile, Cursor, Codex, and Devin all now run the code an agent writes rather than only reading it.

That is the right direction. Once agents open pull requests faster than people can review them, review becomes the bottleneck. Stripe’s internal agents ship more than 1,000 reviewed PRs per week. An agent that can run its own code, read the failures, and fix them before handoff is what keeps that bottleneck from landing entirely on your senior engineers.

For cloud-native teams, this is not a nice-to-have. And it is where the approach most companies are adopting hits a ceiling. The common pattern gives each agent its own sandboxed environment, a snapshot that reproduces what a developer can run locally. For a self-contained application, that is enough. 

For an agent working in a distributed system, it verifies one service against mocks and misses behavior that only appears when the change interacts with the rest of the system.

That behavior, integration, and the other system-level tests are where the expensive bugs live. The trend is right. The question is whether the runtime your agents verify against is the real system or a stand-in for it.

The industry is converging on runtime

The clearest signal is that agent tools have stopped just reading the diff and started running it. Static analysis has a ceiling: It can reason about what code says, not what it does. A race condition that needs a real request, a regression that only appears after a page renders — none of it shows up in the text.

The trend is visible everywhere. Greptile recently announced TREX, a new feature that executes each change in a disposable sandboxed environment and returns logs, traces, and screenshots of what happened. Cursor’s cloud agents clone the repo into their own VM to build and test. OpenAI’s Codex Cloud does the same. Devin runs in a full environment with its own shell and test runner. Different products, one move: Give the agent a place to run its work and prove it before handoff.

Runtime verification is exactly the layer most agentic stacks are missing, and pushing it into the agent’s own loop is how review stays fast as volume climbs. The open question is the level of runtime fidelity it takes to actually call a change verified.

Where it has to go further for cloud-native teams

The approach all these tools have taken is to give an agent roughly what a developer has at their desk: its own service, the dependencies it can start locally, and mocks standing in for everything else. That is a real and useful capability, and it is the correct direction.

For a cloud-native application built from many services, it covers less than half of it. The rest of the surface it misses is the part that matters most: How the change behaves relative to the rest of the system. A mock only returns the answer someone expected in advance. It can confirm an assumption but never catch a wrong one. And the expensive bugs in these systems are exactly the ones that break an assumption where two services meet:

  • Contract drift between services
  • A serialization mismatch at a boundary
  • A retry or timeout policy that misbehaves two hops away

None of that shows up in a unit test or against a mock. It surfaces in integration tests, end-to-end tests, and the other system-level checks that only mean something when the change runs against the real services, real data, and real traffic around it. 

The same goes for the non-functional behavior teams care about most: Performance and load regressions, resource contention, and runtime security issues surface only when the change runs inside a realistic system. That is the layer a sandboxed environment cannot reach.

The intuitive fix, cloning the whole system into every agent’s environment, does not hold up. Standing up dozens of stateful services with their data and config, fresh for each agent on every iteration, is impractical at the volume and speed with which agents generate code. And a copy is still a snapshot, not the live system.

Diagram showing the extent of stand-ins for real dependencies in a sandbox model.

An architecture that reaches the whole system

The way through is to stop giving each agent its own copy of the system and instead let every agent run verification against one shared, production-like system with isolation.

The pattern is straightforward. A shared cluster runs all the real dependencies, the full set of services as they behave in production. To verify a change, you deploy only the modified service into that baseline and use request-level isolation to keep each agent’s traffic on its own path. The agent’s requests hit its version of the service and then flow through the underlying real services. Everyone else’s traffic stays on the baseline, untouched.

This gives the agent a realistic runtime in which its change runs alongside the live services, data, and policies it has to work with. Integration and system behavior become observable because the interactions are real rather than mocked.

It also scales to the way agents work. Because each change is just one service layered onto the running system rather than a private copy of everything, many agents can verify at once, cheaply, without colliding. The environment is lightweight and short-lived, and it runs on infrastructure the team already operates. This is the model we build at Signadot. Today, that means Kubernetes, though the same idea will carry over as the tooling matures.

Diagrammatic representation of an architecture that reaches the whole system.

It fits the loop the agent tools already use. The agent writes, runs, reads the failure, and tries again, all before the pull request. What changes is the bar for a passing run. Not green against mocks the agent wrote to match its own assumptions, but correct against the real system those assumptions describe.

The trend is right. The reach is the question.

Runtime verification is becoming a first-class part of how software ships, and that is the correct evolution. The teams furthest ahead already treat the agent’s job as write, prove, debug, repeat, not just write.

“Not green against mocks the agent wrote to match its own assumptions, but correct against the real system those assumptions describe.”

The question for anyone running a cloud-native system is how far that proof reaches. An isolated per-agent environment verifies a change on its own, and for many changes, that is enough.

Proving a change is right when it has to work alongside everything around it is a different problem. It takes integration and system-level verification against a runtime that holds the rest of the system, not a stand-in for it. 

The teams that get the most out of background agents will be the ones whose verification loop reaches the whole system, not just the service in front of them.

YOUTUBE.COM/THENEWSTACK

Tech moves fast, don't miss an episode. Subscribe to our YouTube channel to stream all our podcasts, interviews, demos, and more.

Created with Sketch.