InfoWorld

AI agents embedded in CI/CD pipelines can be tricked into executing high-privilege commands hidden in crafted GitHub issues or pull request texts. Researchers at Aikido Security have traced the problem back to workflows that pair GitHub Actions or GitLab CI/CD with AI tools such as Gemini CLI, Claude Code Actions, OpenAI Codex Actions or GitHub AI Inference. They found that unsupervised user-supp…

A grumpy Scrooge of a developer might complain about the wealth of options in JavaScript, calling it “tech decision overwhelm.” But the truth is, the JavaScript ecosystem works. In an ecosystem that encourages innovation, new tools are regularly introduced and naturally find their niche, and excellence is rewarded. As developers, we get to sit back and mouse-wheel through hundreds of thousands of…

It’s a foggy morning in Munich. Marie, CIO of a fictional, forward-thinking European healthcare startup, pores over proposals from cloud vendors. Her company is on the verge of launching AI-powered diagnostics but must keep every byte of patient data within EU borders to comply with strict regional privacy laws. On her desk are slick portfolios from Microsoft, AWS, and Google, all touting soverei…

Unison, a statically typed functional language with type inference, an effect system, and advanced tooling, has reached its 1.0 release status. Announced November 25 , Unison 1.0 marks a point where the language, distributed runtime, and developer workflow have stabilized, according to Unison Computing. Billed as “a friendly programming language from the future,” Unison is purported to bring bene…

OpenAI has agreed to acquire a startup specializing in tools for tracking AI training, Neptune, which promptly announced it is withdrawing its products from the market. OpenAI said in a statement. The ChatGPT maker has been a Neptune customer for more than a year. Experiment tracking tools such as Neptune’s enable data science teams to monitor AI model training runs, compare results across differ…

Open-source software has become the backbone of modern development, but with that dependency comes a widening attack surface. The npm ecosystem in particular has been a high-value target for adversaries who know that one compromised package can cascade downstream into thousands of applications. The Shai Hulud worm , embedded in npm packages earlier this year, was a stark reminder that attackers d…

Artificial intelligence and related technologies are evolving rapidly, but until recently, Java developers had few options for integrating AI capabilities directly into Spring-based applications . Spring AI changes that by leveraging familiar Spring conventions such as dependency injection and the configuration-first philosophy in a modern AI development framework. In this article, you will learn…

One concern many users have about AI is that often their data leaves their PC and their network, with inferencing happening in the cloud. They have big questions about data protection. That’s one of the main drivers for Microsoft’s Copilot+ PCs; the neural processing units that are built-in to the latest CPU systems on a chip run inferencing locally using small language models (SLMs) and other op…

Microsoft’s planned TypeScript 7.0 release, an effort to improve performance, memory usage, and parallelism by porting the TypeScript language service and compiler to native code, has made significant progress, Microsoft reports. A planned TypeScript 6.0 release, meanwhile, will be the last JavaScript -based version of TypeScript, bridging the current TypeScript 5.9 release to TypeScript 7.0. In …

Developers using the React 19 library for building application interfaces are urged to immediately upgrade to the latest version because of a critical vulnerability that can be easily exploited by an attacker to remotely run their own code. Researchers at Wiz said Wednesday that a vulnerability in the React Server Components (RSC) Flight protocol affects the React 19 ecosystem, as well as framewo…

Mistral AI’s latest batch of LLMs, officially released Tuesday, includes Mistral Large 3, a 675-billion-parameter model. It’s the company’s first mixture-of-experts model since the Mixtral series released at the end of 2023, and already ranks among the top open-source offerings on the LMArena leaderboard. While Mistral 3 Large model needs many high-powered processors to run, its nine smaller Mini…

AWS has released Kiro powers, an addition to the company’s Kiro AI-driven IDE that provides dynamic loading of context and Model Context Protocol (MCP) servers, with the intent of providing a unified approach to a broad range of development use cases. Announced December 3 , Kiro powers enables developers to access specialized expertise to accelerate software development. The new capability allows…

Enterprises are no longer asking whether they should adopt AI; rather, they want to know why the AI they have already deployed still can’t reason as their business requires it to. Those AI systems are often missing an enterprise’s specific business context, because they are trained on generic, public data, and it’s expensive and time-consuming to fine-tune or retrain them on proprietary data, if …

Node.js is one of the most popular server-side platforms, especially for web applications. It gives you non-blocking JavaScript without a browser, plus an enormous ecosystem. That ecosystem is one of Node’s chief strengths, making it a go-to option for server development. This article is a quick tour of the most popular web frameworks for server development on Node.js . We’ll look at minimalist t…

Once upon a time, IDEs focused on specific languages, like Visual Studio IDE for Microsoft C++ or IntelliJ IDEA for Java. But now there is a new wave of IDEs dedicated to agentic AI workflows . AWS Kiro has recently become generally available, and now Google has whipped the drapes off its own Antigravity IDE . Like Kiro, Antigravity is built from a fork of Visual Studio Code , which integrates An…