In 2025, DevOps teams woke up to find the automation landscape transformed. What began as AI-powered code completion tools in 2024 evolved into something far more ambitious: autonomous agents that can plan, execute, and optimize entire workflows without constant human supervision.

The shift happened fast. In January 2026, GitLab released version 18.8 with its Duo Agent Platform, introducing seven AI agents designed to automate tasks across the software development lifecycle. By May 2025, GitHub announced its own coding agent at Microsoft Build, embedded directly into GitHub and accessible through Visual Studio Code. Microsoft framed these developments under a new umbrella term: Agentic DevOps.

VISIT MY SUBSTACK FOR FREE ARTICLES, VIDEOS & PODCASTS >>

These agents represent a fundamental departure from traditional automation. Where scripts follow predefined rules and CI/CD pipelines execute fixed sequences, agentic AI brings something different to the table. These systems can break down complex goals into subtasks, choose their own approaches, and adjust their plans when obstacles appear.

What Makes it Agentic?

The technical distinction matters. A GitHub coding agent, for instance, spins up its own secure development environment using GitHub Actions, the CI/CD platform that executes over 40 million jobs daily. The agent clones repositories, analyzes codebases using advanced retrieval techniques, and writes code across multiple files. It pushes changes to draft pull requests, updates descriptions, and logs its reasoning along the way.

GitLab’s approach offers similar capabilities but emphasizes multi-step reasoning. Teams can assign agents to generate code, modernize pipelines, suggest security fixes, or create documentation. The system supports multiple AI models, letting organizations choose between options from Anthropic, Google, and OpenAI based on their specific needs.

Microsoft positioned these developments as moving from “copilots to agents.” The distinction captures something real. Copilots suggest next steps and wait for approval. Agents take the wheel for extended periods, operating asynchronously while developers focus elsewhere.

Where the Impact Shows Up

The practical applications emerged quickly in early deployments. At Carvana, the GitHub coding agent converts specifications to production code in minutes, according to the Senior Vice President of Engineering. EY’s DevEx Lead described teams building “agent-driven” workflows where multiple agents operate in parallel to amplify human work.

The tasks agents handle best fall into a clear pattern. They excel at fixing failed pipelines by analyzing errors and preparing recommended changes. They generate test suites for existing code. They modernize legacy applications by assessing dependencies and executing update plans. They review code and flag security vulnerabilities before deployment.

These capabilities address what developers consistently say they want least: testing their own code, fixing bugs, and standing up deployment environments. Agents handle the toil while humans focus on architecture and business logic.

Azure DevOps integrated directly with GitHub Copilot in early 2025, letting teams send work items straight to coding agents. The agent begins work, tracks progress on Kanban boards, and generates pull requests. The integration makes AI participation visible at the project management level, not just buried in individual IDEs.

The Security Challenge

The rapid adoption revealed a problem. By mid-2025, survey data from SailPoint found that 80 percent of organizations had encountered risky behaviors from AI agents. The issues ranged from improper data exposure to unauthorized system access.

The security challenges stem from agent autonomy itself. Traditional application security focuses on controlling inputs and outputs. Agentic systems require something different. Organizations must secure systems that remember past interactions, operate across multiple applications, and make decisions without waiting for human approval.

OWASP released its Top 10 for Agentic Applications in December 2025 after a year of research involving over 100 security experts. The framework identifies threat categories specific to autonomous systems: memory poisoning, tool misuse, identity abuse, and goal hijacking.

The EchoLeak exploit against Microsoft Copilot in mid-2025 demonstrated the stakes. Engineered prompts embedded in email messages triggered the agent to exfiltrate sensitive data without user interaction. Symantec conducted experiments showing how agents could harvest personal information and automate credential stuffing attacks.

McKinsey framed the governance challenge in stark terms: agents operate as “digital insiders” with varying levels of privilege and authority. Like human insiders, they can cause harm through poor alignment or deliberate compromise. The firm found only 1 percent of surveyed organizations believe their AI adoption has reached maturity.

What Works for Governance

Organizations implementing agentic AI successfully established several common practices. They created cross-functional governance councils that oversee all agent activity. These bodies meet monthly and report to boards quarterly, holding decision rights over deployment.

The technical controls follow a consistent pattern. GitHub’s coding agent, for example, can only push code to branches it creates, kept separate from main branches. The agent has limited access to its execution environment and requires human approval at each workflow stage. Developers who prompt agents to open pull requests cannot be the ones to approve them.

Identity management emerged as a critical component. Agents need authentication, access control, and auditability. They require scoped tokens that limit access to specific repositories and only the information needed to complete assigned tasks.

Observability matters more with agents than with traditional automation. Organizations set up detailed logging and tracing of agent actions. They monitor for anomalies tied to key performance indicators. They define triggers for escalations and establish accountability standards for agent decisions.

The Workflow Transformation

The impact on DevOps workflows goes beyond individual task automation. Agent mode in GitHub enables developers to describe complex infrastructure changes through natural language. The agent analyzes existing configurations, suggests improvements, and implements them across multiple files.

For troubleshooting, agents access logs and system state through the Model Context Protocol, a standard that functions like a “USB port for intelligence.” This allows agents to interface with various tools in the DevOps stack, creating unified experiences across previously siloed systems.

Organizations building agent workflows discovered they could chain multiple agents together for complex processes. One agent handles infrastructure provisioning. Another manages security compliance. A third optimizes application performance based on user behavior. The interconnected agents adapt to evolving requirements without human intervention for routine decisions.

The New Mandate for CTOs

Next Up?

The trajectory points toward deeper integration. Microsoft calls this vision “agentic DevOps,” where intelligent agents collaborate with developers and with each other to automate every stage of the software lifecycle. The promise involves crushing backlogs, addressing technical debt, securing applications, and maintaining production systems.

The reality will depend on solving governance challenges that most organizations barely started addressing in 2025. Only 6 percent of organizations currently leverage advanced security frameworks for AI, according to Stanford research. The gap between adoption enthusiasm and security maturity remains wide.

Teams moving forward with agentic AI need to treat it as an enterprise initiative, not a developer tool. They need measurable outcomes defined before deployment, not backfilled afterward. They need guardrails built into the initial architecture, not bolted on when problems emerge.

The technology offers genuine capability gains. Agents can handle complexity that defeats traditional automation. But the shift from systems that enable interactions to systems that drive transactions requires security thinking built in from the start, not added as an afterthought.

VISIT OUR WEBSITE >