Tools
Copilot Usage Metrics API Adds AI Adoption Cohorts
The Copilot usage metrics API has been updated to classify engaged users into AI adoption cohorts, allowing for a deeper analysis of how users are interacting with Copilot.
Apps, APIs, and developer tools that put AI to work right now.
The Copilot usage metrics API has been updated to classify engaged users into AI adoption cohorts, allowing for a deeper analysis of how users are interacting with Copilot.
Demonstrates a holistic observability solution using Amazon Managed Grafana dashboards to monitor both the quality and quantity of LLM inferences served on Amazon SageMaker AI endpoints, covering GPU utilization and quality metrics.
A critical Remote Code Execution (RCE) vulnerability has been disclosed in Gogs, a popular self-hosted Git service, allowing any authenticated user to execute arbitrary code. The flaw has a CVSS score of 9.4.
CodeQL 2.25.5 has been released, featuring accuracy improvements in static analysis across languages and specifically enhancing query accuracy for GitHub Actions security scanning.
Enterprise administrators can now set hard budget limits for GitHub Advanced Security (GHAS) licenses, effectively preventing teams from exceeding their allocated license budgets.
WorkOS proposes auth.md, a Markdown-based protocol that allows AI agents to register with web applications using standard OAuth flows, eliminating the need for manual user form submissions.
A new guide ranks eight leading authentication platforms (including Auth0, Cloudflare, and WorkOS) based on compliance, enterprise identity depth, and integration breadth, focusing on infrastructure needs for deploying AI agents and MCP servers.
Adoption of agentic AI capabilities in NDR is transforming security operations by enabling earlier threat detection, faster triage, and significant reduction in false positives, finally addressing historical concerns about data noise.
Introduces DART, a modular runtime designed to solve the dilemma of restoring failed tool agent executions while preserving committed downstream work, addressing the gap between mechanical rollback and semantic validity.
A coordinated campaign codenamed TrapDoor has infected npm, PyPI, and Crates.io ecosystems by distributing over 34 malicious packages designed to steal credentials.
A new Agent Toolkit for AWS is introduced, designed to consolidate roles such as solutions architect and data engineer into a single expert.
Perplexity has open-sourced Bumblebee, an internal security tool designed to protect developer systems by scanning software dependencies (like npm, PyPI, and Go modules) without executing any code.
Tencent has open-sourced TencentDB Agent Memory, a fully local memory system designed for AI agents, featuring a 4-tier memory pyramid and hybrid retrieval mechanisms, achieving significant gains in context reduction and accuracy.
Microsoft Research has announced Webwright, a terminal-native browser agent framework that utilizes GPT-5.4 to automate web tasks. The framework achieved a 60.1% score on the long-horizon Odysseys benchmark, setting a new high among open-sourced web automation harnesses.
A coordinated supply chain attack has infected eight packages on Packagist by injecting malicious code sourced from a GitHub Releases URL, targeting projects that ship JavaScript dependencies.
npm has rolled out new controls, allowing maintainers to stage package releases and mandate two-factor authentication (2FA) approval before packages are publicly installable, aiming to combat supply chain attacks.