gitlab

GitLab extends Omnibus package signing key expiration to 2028

GitLab has extended the expiration of its GNU Privacy Guard (GPG) key used for signing Omnibus packages from February 2026 to February 16, 2028. This extension ensures the continued integrity of packages created within CI pipelines while remaining compliant with GitLab’s internal security policies regarding key exposure. By opting to extend the current key rather than rotating to a new one, GitLab aims to minimize administrative overhead for users who would otherwise be required to replace their trusted keys.

### Purpose and Scope of the Key Extension

* The GPG key is specifically dedicated to signing Omnibus packages to prevent tampering; it is distinct from the keys used for repository metadata (apt/yum) and the GitLab Runner.
* GitLab periodically extends the expiration of these keys to limit the potential impact of a compromise while adhering to modern security standards.
* The decision to extend rather than rotate was made specifically to be less disruptive to the user base, as rotation mandates a manual replacement of the trusted key on all client systems.

### Impact and Required Actions

* Users who do not specifically verify package signatures or have not configured their package managers to do so require no action to continue installing updates.
* Administrators who validate Omnibus package signatures must update their local copies of the public key to reflect the 2028 expiration date.
* The updated key can be found on GPG keyservers by searching for the ID `98BF DB87 FCF1 0076 416C 1E0B AD99 7ACC 82DD 593D` or the email `packages@gitlab.com`.
* A direct download of the public key is also available through the official GitLab packages repository URL.

Organizations that verify package signatures should refresh their trusted GPG keys as soon as possible to ensure seamless updates leading up to the original 2026 deadline. If technical issues arise during the update process, GitLab recommends opening an issue in the omnibus-gitlab tracker for support.

grammarly

10 Best AI Assistants: Top Tools for Work, Writing, and Everyday Tasks

Modern AI assistants have evolved from general-purpose chatbots into specialized productivity tools that leverage Natural Language Processing (NLP) and Large Language Models (LLMs) to automate complex workflows. By selecting an assistant based on specific task relevance, integration depth, and technical capabilities like context window size, users can significantly reduce manual effort and context switching. Ultimately, the most effective tools are those that proactively support "in-flow" work rather than requiring users to step away from their primary applications.

### Technical Foundations of AI Assistants

* Assistants use NLP to interpret the intent and tone behind everyday language, moving beyond the rigid menu-based structures of traditional software.
* Responses are generated by LLMs trained on massive datasets, allowing the tools to recognize linguistic patterns and provide natural-sounding outputs.
* Functionality is typically driven by prompts—typed or spoken requests—that allow the AI to summarize documents, refine messaging, or brainstorm project outlines.

### Evaluation Criteria for Professional Use

* **Context Awareness:** This refers to the "context window," or the amount of information an AI can hold in its active memory; larger windows allow for the analysis of entire documents or long-term conversation history.
* **Proactivity versus On-demand:** Some tools wait for a specific prompt, while others are "proactive," surfacing suggestions and refinements automatically as the user works.
* **Integration Ecosystem:** High-value assistants operate as extensions within browsers (Chrome, Edge) or directly inside 100+ third-party apps to pull in relevant background info without manual data entry.
* **Accuracy and Verification:** For research-heavy tasks, the best tools offer citations and references to mitigate the risk of "hallucinations" or incorrect data common in LLMs.
* **Privacy and Security:** Professional-grade tools provide transparent data handling and storage policies, which is essential for teams managing sensitive information.

### Specialized Assistants and Use Cases

* **Go:** A communication-focused assistant that works proactively within existing workflows to draft emails and improve clarity in real-time.
* **ChatGPT:** A versatile, general-purpose tool best suited for technical problem-solving, coding support, and creative ideation, though it often requires manual context switching.
* **Claude AI:** Optimized for high-volume text processing, making it the preferred choice for deep document analysis and complex, long-form revisions.

To achieve the best results, users should audit their daily app usage and primary tasks—such as scheduling, coding, or drafting—before committing to a platform. Prioritizing an assistant that integrates directly into your most-used software will yield the highest productivity gains by eliminating the friction of copying and pasting data between windows.

gitlab

GitLab Threat Intelligence Team reveals North Korean tradecraft

The GitLab Threat Intelligence Team has detailed its efforts to disrupt North Korean (DPRK) cyber campaigns, specifically focusing on "Contagious Interview" malware distribution and fraudulent IT worker schemes. By analyzing internal platform data, GitLab identified that these state-sponsored actors leverage legitimate tools and fake recruitment scenarios to compromise software developers and generate illicit revenue for the regime. The report concludes that while these operations are sophisticated and persistent, proactive monitoring and cross-industry intelligence sharing are essential to mitigating these evolving threats.

### Contagious Interview Mechanics

* Threat actors pose as recruiters to trick software developers into executing malicious JavaScript projects under the guise of technical interviews.
* The primary goal is to deploy malware families such as BeaverTail and Ottercookie, which facilitate credential theft and provide remote control of the victim's device.
* A notable evolution in tradecraft includes the use of "ClickFix," a compiled BeaverTail variant identified in late 2025.
* Malicious repositories often use a specific execution pattern where base64-encoded URLs and secret headers are hidden within `.env` files, masquerading as benign configuration variables.
* To execute the payload, actors utilize `Function.constructor` to load strings as executable code, often triggered by custom error handlers designed to source remote content.

### 2025 Campaign Trends and Infrastructure

* GitLab banned 131 unique accounts linked to these campaigns in 2025, with activity peaking in September and averaging 11 bans per month.
* Nearly 90% of malicious accounts were created using Gmail addresses, and actors typically accessed the platform through consumer VPNs or dedicated VPS infrastructure.
* In more than 80% of cases, malware payloads were not stored on GitLab. Instead, actors used concealed loaders to fetch content from legitimate hosting services, most commonly Vercel.
* Recent tactics include the creation of malicious NPM dependencies immediately before use and the exploitation of VS Code tasks to pipe remote content into native shells.

### IT Worker Campaigns and Sanctions Evasion

* Beyond malware distribution, DPRK actors use GitLab to support "IT worker" cells that generate revenue and evade international sanctions.
* One identified pipeline involved the creation of at least 135 synthetic identities, automated to generate professional connections and contact leads at scale.
* Threat actors have been observed adding their own images to stolen U.S. identity documents to bypass employment verification processes.
* Forensic analysis revealed financial records from cell managers detailing revenue proceeds from 2022 through 2025, often earned while operating from locations like Moscow, Russia.

Organizations should remain vigilant against recruitment-themed social engineering and scrutinize unexpected requests to run external code. GitLab recommends that the security community use the provided indicators of compromise to update defensive posture, as these actors continue to refine their ability to hide malicious intent within legitimate development workflows.
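
As an added illustration (not GitLab's tooling and not code from the report), the following Node.js scanner flags a repository when a `.env` value base64-decodes to a URL and JavaScript source also reaches the `Function` constructor, the combination described under Contagious Interview Mechanics above. The function names, the 16-character base64 threshold, the inclusion of `new Function(` as an equivalent form, and the sample files are assumptions constructed for this example.

```javascript
// Added example: heuristic scan for the .env + Function.constructor pattern (names are hypothetical).
const B64_VALUE = /^[A-Za-z0-9+/]{16,}={0,2}$/;
const DYNAMIC_CODE = /\bFunction\s*\.\s*constructor\b|\bnew\s+Function\s*\(/;

// Parse KEY=VALUE lines from .env text, skipping blanks and comments.
function parseEnv(text) {
  return text.split(/\r?\n/)
    .map((l) => l.trim())
    .filter((l) => l && !l.startsWith('#') && l.indexOf('=') > 0)
    .map((l) => {
      const eq = l.indexOf('=');
      return { key: l.slice(0, eq).trim(), value: l.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, '$2') };
    });
}

// Env entries whose value base64-decodes to an http(s) URL.
function findEncodedUrls(envText) {
  return parseEnv(envText)
    .filter(({ value }) => B64_VALUE.test(value))
    .map(({ key, value }) => ({ key, decoded: Buffer.from(value, 'base64').toString('utf8') }))
    .filter(({ decoded }) => /^https?:\/\/\S+$/i.test(decoded));
}

// Source lines that reach the Function constructor to run strings as code.
function findDynamicCode(source) {
  return source.split(/\r?\n/)
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => DYNAMIC_CODE.test(text));
}

// files: { relativePath: fileContent }. Flags a repo only when both signals co-occur.
function scanRepo(files) {
  const report = { encodedUrls: [], dynamicCode: [] };
  for (const [path, content] of Object.entries(files)) {
    const base = path.split('/').pop();
    const isEnv = /^\.env(\..+)?$/.test(base);
    const hits = isEnv ? findEncodedUrls(content) : /\.[cm]?js$/.test(base) ? findDynamicCode(content) : [];
    for (const hit of hits) (isEnv ? report.encodedUrls : report.dynamicCode).push({ path, ...hit });
  }
  report.suspicious = report.encodedUrls.length > 0 && report.dynamicCode.length > 0;
  return report;
}

// Constructed sample repository: inert text, reserved .invalid domain.
const SAMPLE = {
  '.env': 'PORT=3000\nAPI_KEY=' + Buffer.from('https://example.invalid/api').toString('base64'),
  'server/errors.js': 'const make = Function.constructor; // constructed line',
};
console.log(JSON.stringify(scanRepo(SAMPLE), null, 2));
```

Either signal alone appears in benign projects, so a hit is a prompt for manual review of the repository before anything in it is installed or run.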

gitlab

Track vulnerability remediation with the updated GitLab Security Dashboard

The updated GitLab Security Dashboard addresses the challenge of vulnerability overload by shifting the focus from simple detection to contextual remediation and risk management. By providing integrated trend tracking and sophisticated risk scoring, the platform enables security and development teams to prioritize high-risk projects and measure the actual progress of their security programs. This update transforms raw security data into actionable insights that are tracked directly within the existing DevSecOps workflow.

## Transitioning from Detection to Remediation Context

* Consolidates vulnerability data into a single view that spans across projects, groups, and entire business units to eliminate data silos.
* Introduced initial time-based tracking in version 18.6, with version 18.9 adding expanded filters for severity, status, scanner type, and project.
* Provides visualizations for remediation velocity and vulnerability age distribution, moving beyond static raw counts to show how quickly threats are being addressed.

## Data-Driven Prioritization with Risk Scoring

* Utilizes a dynamic risk score calculated from multiple factors, including vulnerability age and repository security postures.
* Integrates external threat intelligence such as the Exploit Prediction Scoring System (EPSS) and Known Exploited Vulnerability (KEV) scores to identify the most critical threats.
* Allows teams to monitor risk scores over time to pinpoint specific areas of the infrastructure that require additional resources or immediate intervention.

## Strategic Impact for Security and Development Teams

* Enables security leaders to prove program effectiveness to executives by showing downward trends in Common Weakness Enumeration (CWE) types and shrinking backlogs.
* Streamlines the developer experience by highlighting critical vulnerabilities within active projects, removing the need for external spreadsheets or manual reporting tools.
* Identifies specific teams or departments that may require additional remediation training based on their ability to meet company security policies.

Organizations should leverage these updated dashboard features to transition from manual, reactive security tracking to an automated, risk-based posture. By integrating EPSS and KEV data into daily workflows, teams can ensure they are solving the most dangerous vulnerabilities first while maintaining a clear, measurable record of their security improvements.

gitlab

Agentic AI, enterprise control: Self-hosted Duo Agent Platform and BYOM

GitLab 18.9 introduces critical updates designed to provide regulated enterprises with governed, agentic AI capabilities through self-hosted infrastructure and model flexibility. By combining the Duo Agent Platform with Bring Your Own Model (BYOM) support, organizations in sectors like finance and government can now automate complex DevSecOps workflows while maintaining total control over data residency. This release transforms GitLab into a high-security AI control plane that balances the need for advanced automation with the rigid sovereignty requirements of high-compliance environments.

## Self-Hosted Duo Agent Platform for Online Cloud Licenses

The Duo Agent Platform allows engineering teams to automate sequences of tasks, such as hardening CI/CD pipelines and triaging vulnerabilities, but was previously difficult to deploy for customers under strict online cloud licensing. This update makes the platform generally available for these environments, bridging the gap between cloud-based licensing and self-hosted security needs.

* **Usage-Based Billing:** The platform now utilizes GitLab Credits to provide transparent, per-request metering, which is essential for internal chargeback and regulatory reporting.
* **Infrastructure Control:** Enterprises can host models on their own internal infrastructure or within approved cloud environments, ensuring that inference traffic is routed according to internal security policies.
* **Deployment Readiness:** By removing the requirement to route data through external AI vendors, the platform is now a viable option for critical infrastructure and government agencies.

## Bring Your Own Model (BYOM) Integration

Recognizing that many enterprises have already invested in domain-tuned LLMs or air-gapped deployments, GitLab now allows customers to integrate their existing models directly into the Duo Agent Platform. This ensures that organizations are not locked into a specific vendor and can leverage models that have already passed internal risk assessments.

* **AI Gateway Connectivity:** Administrators can connect third-party or internal models via the GitLab AI Gateway, allowing these models to function as enterprise-ready options within the GitLab ecosystem.
* **Granular Model Mapping:** The system provides the ability to map specific models to individual Duo Agent Platform flows or features, giving admins fine-grained control over which agent uses which model.
* **Administrative Ownership:** While GitLab provides the orchestration layer, administrators retain full responsibility for model validation, performance tuning, and risk evaluation for the models they choose to bring.

For organizations operating in high-compliance sectors, these updates offer a path to consolidate fragmented AI tools into a single, governed platform. Engineering leaders should evaluate their current model investments and leverage the GitLab AI Gateway to unify their automation workflows under one secure DevSecOps umbrella.

discord

Osprey: Open Sourcing our Rule Engine

Osprey is an open-source safety rules engine designed to help platforms address emerging threats without the need to build custom security infrastructure from scratch. Developed through a collaboration between industry experts and the internet.dev team, it provides a standardized framework for investigating real-time activities and deploying dynamic safety measures. By using this engine, companies can significantly reduce engineering overhead while maintaining a proactive stance against platform abuse.

**The Osprey Safety Rules Engine**

* Functions as an open-source toolset aimed at replacing the fragmented, "reinvent the wheel" approach many companies take toward platform safety.
* Enables security and moderation teams to monitor live activity streams to identify patterns of misuse as they occur.
* Allows for the rapid creation and implementation of dynamic rules, ensuring that safety protocols can evolve alongside shifting threat landscapes.

**Streamlining Engineering and Investigation**

* Reduces the technical debt typically associated with building and maintaining internal safety tools by providing a pre-built, scalable engine.
* Facilitates deep-dive investigations into platform events, allowing teams to react to threats with minimal intervention from core engineering staff.
* Promotes a collaborative approach to safety by making the underlying technology accessible to the broader developer community.

For organizations looking to strengthen their security posture, Osprey offers a practical alternative to bespoke safety systems. Teams should consider integrating the engine to automate their threat responses and leverage its real-time investigation capabilities to protect their users more efficiently.