AI agents rolled out this month by two DevSecOps vendors are generating promising results because they are grounded in the context of software delivery platforms, according to IT pros who have tested them.
GitLab made its GitLab Duo Agent Platform generally available Jan. 15 to GitLab Premium and Ultimate subscribers on GitLab.com and in self-managed deployments, with planned availability for GitLab Dedicated single-tenant SaaS customers to follow. The platform includes Agentic Chat, which can analyze software development and delivery workflows; generate and test code, including infrastructure as code; help create and manage CI/CD pipelines; and explain, prioritize and recommend fixes for security vulnerabilities. Two foundational agents, a planner agent and a security analyst agent, are included at launch; users can also build custom agents. The GitLab Duo Agent Platform supports third-party agents such as Claude Code by Anthropic and Codex CLI from OpenAI.
"It not only generates code, which a lot of other IDEs or IDE plugins can do, but it also tightly integrates with a code repository to support fixing pipeline failures and easy-to-understand security reports," said Anuj Tyagi, a senior site reliability engineer at a communications company he requested not be named because of policies prohibiting him from representing it in the press, who tested the new Duo Agent Platform this week. "It's much better than I was expecting, especially how it understands context for a large repository and solves pipeline issues."
Taking on GitHub's head start in AI agents
GitLab's challenge -- and the challenge for any DevSecOps player marketing AI agents -- is the head start in the market enjoyed by GitHub and its parent company Microsoft, which have been rolling out AI agent integrations, including for DevOps workflows, over the past year. GitHub reported in October that more than 180 million developers use its code repositories.
In contrast to GitLab's focus on a unified platform, GitHub relies on Copilot Extensions to ease integration with third-party tools and extend capabilities across the pipeline.
Jim MercerAnalyst, IDC
"With agent-based [products], it's not just about features, but also how adoption and feedback drive improvements in AI accuracy and efficiency," said Jason Andersen, an analyst with Moor Insights & Strategy. "I'm interested in how much effort will be required to modify and ground the prebuilt GitLab agents for [a specific] environment."
The distinguishing feature for GitLab is that Duo agents operate within the full context and governance of GitLab's platform, according to Jim Mercer, an analyst at IDC.
"In contrast to GitLab's focus on a unified platform, GitHub relies on Copilot Extensions to ease integration with third-party tools and extend capabilities across the pipeline," Mercer said.
Tyagi said he finds GitLab's expanded DevSecOps capabilities more useful than GitHub Copilot overall, but noted there's room for improvement in AI agent performance.
"I have observed a noticeable performance difference between GitLab Duo in self-hosted deployments and the SaaS version, especially in how effectively prompts are understood and interpreted," he said. "From a business perspective, metrics such as coherence and accuracy are most meaningfully evaluated in the SaaS environment, where the models appear more mature."
A GitLab spokesperson did not comment on the performance of self-hosted AI agents as of press time.
GitLab Credits vs GitHub Actions pricing
GitLab's pricing approach might help it improve the accuracy and efficiency of its AI agents, Andersen said. GitLab Duo Agent Platform introduced GitLab Credits, along with grants of $12 and $24 in included credits per user for Premium and Ultimate subscribers, respectively. The credits will refresh monthly and users can apply them to any Duo Agent Platform feature; they can purchase more credits through a shared pool or pay for them monthly on-demand.
“The virtual credits model is an interesting way to encourage adoption," Mercer said. "[Grounding AI agents] could be a means to maximize these included credits."
Meanwhile, a recent controversy over self-hosted GitHub Actions pricing could also create an opportunity for rivals, according to one IT consultant. In December, GitHub disclosed plans to start charging $0.002 per minute for self-hosted runner usage on the GitHub platform, but withdrew those plans after customer complaints.
"I know of two companies that have backed away from that because they think that [the pricing change] potentially will come back at some time in the future," said Roger Blakely, fractional CIO at StratITech, a consulting firm in Silicon Valley, Calif. "They don't want an unexpected expense from their platform."
Harness AI SRE expands human context
Harness.io expanded the information available to AI agents within its DevSecOps platform this week with a new Human-Aware Change Agent for its AI SRE module. The new agent sits in on the human conversations that happen during incidents using chat channels or video conferencing rooms, integrates that context with machine-generated items such as service desk tickets, and links it back to any software changes that might have caused the incident.
Torsten Volk
One analyst predicted that enhancing this kind of human-AI collaboration will be a key topic as AI agents reach production this year.
"Human-AI collaboration is the most important key to AI success in general," said Torsten Volk, an analyst at Omdia, a division of Informa TechTarget. "The Harness SRE agent is very interesting in that regard, as it goes far beyond just adding Slack and war rooms as just another MCP source for agents to draw from, but it proactively has agents participate in communication flows."
The Harness approach to DevSecOps agents also features grounding in the context of the broader platform, but differs from GitLab's, Volk said.
"Instead of owning the entire platform like GitLab does, Harness gets its context from agent interaction," he said. "Which one is better? The proof lies in production deployments. From a conceptual perspective, both approaches can be equally viable, and ultimately both vendors will adopt them."
AI SRE wins over automotive company
The flexibility of the DevSecOps platform from Harness and AI SRE won over one large automotive software company last year, according to StratITech's Blakely, who asked that his client not be named.
The automotive company faced long incident management times with its previous manual process, which has been greatly improved by the Harness AI SRE module in beta testing, Blakely said.
As with any generative AI deployment, grounding its context in well-managed data sources was a requirement to get started, which took some time. It is also still working through classification and defining management workflows for some 200 applications under management.
"I'm also doing an engagement with them on observability, where there were some gaps, so it took them some time to actually identify that there was a problem sometimes," Blakely said. "But with AI SRE and the integration with CI/CD pipelines and telemetry, they're now being notified very quickly. What used to take 60 minutes or longer, they're now down to two or three minutes to resolve."
Blakely also said the modularity and third-party tools integration of the Harness platform strike a balance between comprehensive context and flexibility. This is key for the automotive client because while it plans to consolidate, it still has two other DevOps pipeline platforms in use.
"In some cases, it won't make sense to consolidate," he said. "The beauty of Harness is, you can pick and choose what you want, and the AI SRE can still hook into the others and still get the information required for the incident management process."
Blakely said he hopes that his client will embrace fully automated incident response in the future, but the Human-Aware Change Agent could be useful as a transitional step.
"They're not ready for that yet, but I'm a big believer that this whole process could be automated," he said. "I think [the Human-Aware Change Agent] will be there until they have faith in its capabilities."
Beth Pariseau, a senior news writer for Informa TechTarget, is an award-winning veteran of IT journalism. Have a tip? Email her.
Dig Deeper on Systems automation and orchestration
Torsten Volk
