Technical

The McKinsey Incident Is a Warning Shot for AI-Native Design

An AI agent compromised McKinsey's GenAI platform, Lilli, in 2 hours via application, API, and AI-layer flaws. The incident is a warning about unified application runtime security.

Michael Isbitski

March 31, 2026

Time to read

When an offensive security AI agent can compromise one of the world’s most sophisticated consulting firms in under two hours with no credentials, guidance, or insider knowledge, it’s not just a breach but a warning sign to industry.

That’s exactly what happened when an AI agent targeted McKinsey’s Generative AI platform, Lilli. The agent chained together application flaws, API misconfigurations, and AI-layer vulnerabilities into a machine-speed attack. This wasn’t a novel zero-day exploit. It was the exploitation of familiar application security gaps and newer AI attack vectors, amplified by AI speed, autonomy, and orchestration.

Enterprises are already connecting functionality and troves of data through APIs. Increasingly, they’re wiring up applications with Generative AI and agentic workflows to accelerate their businesses. The risk of intellectual property loss and sensitive data exposure is amplified exponentially. Organizational teams must rethink their AI security strategy and likely also revisit API security in parallel.

Offensive AI Exposes the Soft Underbelly of AI Systems

Let’s be precise about what happened, avoiding the blame for McKinsey moving at a pace that much of the industry is already adopting with application and AI technology.

The offensive AI agent probing McKinsey’s AI system was quickly able to:

Discover 200+ API endpoints via public docs.
Identify 22 unauthenticated endpoints.
Exploit a SQL injection flaw in an unauthenticated search API
Enumerate a backend database via error messages.
Escalate privileges for full access across the platform.

From there, the AI agent accessed:

46.5M internal chat messages with sensitive data.
728K files containing research and client records.
57K user accounts covering the entire workforce.
95 system prompts governing AI behaviors.

Even experienced penetration testers don’t move this fast, not without AI tools to augment their testing. Many would stumble to find the type of SQL injection flaw present, let alone all the other elements in the attack chain.

Attack Chains Span Application Layers

What makes this security incident different and intriguing is how the AI agent crossed layers of the technology stack that are now prominent in AI-native designs.

1. Application Layer

McKinsey’s search API was vulnerable to blind SQL injection. The AI agent discovered that while values were parameterized (a security best practice), it could still inject into JSON keys used as field names in the backend database and analyze the resulting error messages. Through continued probing and evaluation of these error messages, the agent mapped the query structure and extracted production data.

These are long-known weaknesses in how applications are secured. Many organizations rely on web application firewall (WAF) instances to filter and monitor web application traffic and to stop attacks such as SQL injection. However, attack methods constantly evolve. Blind SQL injection, where attackers infer information from the system without seeing direct results, is harder to detect and works by analyzing system responses to invalid queries, such as those that delay server response. These attacks can also be made to look like normal data traffic.

Security teams need monitoring capabilities that analyze application traffic over time to identify anomalous behaviors and the signals of an attack.

2. API Layer

The offensive agent quickly performed reconnaissance of McKinsey’s system to understand its API footprint and discovered that 22 API endpoints were unauthenticated, one of which served as the initial and core point of compromise.

The public API documentation served as a roadmap for the AI agent, detailing the system's structure and functionality. This presents a tricky proposition, since well-documented APIs and API schema definitions are critical to increasing adoption of productized APIs, enabling AIs to find your services, and facilitating agent orchestration.

APIs aren’t just data pipes anymore; they’re also control planes for AI systems.

APIs serve as control planes in AI-native designs, managing the configuration of model commands and access controls, and also connecting the various AI and data services. Compromising this layer enables attackers to manipulate AI configuration, control AI behavior, and exfiltrate data.

The major oversight here was the presence of 22 unauthenticated API endpoints that allowed unfettered access. This is a critical API security vulnerability, known as broken authentication.

Lack of proper authorization enabled the AI agent to manipulate unique identifiers assigned to data objects within the API calls, increase its own access permissions (escalate privileges), and retrieve other users' data. The weakness is commonly known as broken object-level authorization (BOLA), where system checks fail to restrict user or machine access to specific data. McKinsey’s AI design also allowed direct API access to backend systems, potentially exposing internal technical resources and violating zero-trust architecture (ZTA) principles. With ZTA, you must presume that the given identity and the environment are compromised, operate with least privilege, and ensure controls are in place to limit blast radius in the event of an attack. At a minimum, all identities must be continuously authenticated and authorized before accessing resources.

3. AI Layer

A breach in an AI system essentially provides centralized access to all organizational knowledge. A successful intrusion can grant control over system logic via features such as writable system prompts. This enables attackers to rewrite AI guardrails, subtly steering AI to bypass compliance policies, generate malicious code, or leak sensitive information.

New risks arise when organizations aim to improve AI system usefulness by grounding them with other sources (e.g., web searches, databases, documents, files) or using retrieval-augmented generation (RAG) pipelines that connect data sources to AI systems. This is done to tweak the prompts sent to LLMs and improve the quality of responses. However, attackers exploit these connections to corrupt the information processing or trick the AI into revealing sensitive or proprietary data.

With its elevated access, the AI agent had the ability to gain influence over:

How the system reasons by corrupting prompts or RAG context that dictate AI logic
What the system returns by manipulating LLM prompts and responses
What users trust when malicious code or actions are inserted into outputs from authoritative internal tools that are used unknowingly by users or other agents.

A breach in the AI layer is not just a security incident, but a core attack on the integrity and competence of the business.

The rise of generative AI has further dissolved traditional security perimeters and created critical new attack vectors. Attackers can now target core mechanisms of institutional intelligence and reasoning, not just data.

Point Solutions Will Continue to Fail

Traditional "defense in depth" thinking segments application and AI protection into isolated layers, commonly WAFs, API gateways, API runtime security, and AI guardrails. While offering granular protection, such approaches inadvertently create a critical security blind spot: they fail to track sophisticated, multi-stage attacks that exploit handoffs between application layers.

Modern attacks are fluid campaigns. They may target frontend code as the initial attack vector, abuse APIs to attack business logic, bypass access controls enforced by gateways, pivot to database services for data exfiltration, and leverage access to manipulate reasoning of AI services.

The fatal flaw is the inability to maintain a single, unbroken chain of contextual awareness across the entire sequence. Each isolated WAF, gateway, or AI guardrail only sees a segment of the event and loses visibility once the request passes to the next layer. This failure to correlate events in real-time across APIs, applications, databases, and AI services is the blind spot that attackers exploit. By the time related signals are gathered and correlated in an organization’s SIEM, the breach has already occurred. True resilience requires a unified runtime platform to quickly identify, correlate, and respond to complex application attack chains.

Shift From Tools to Platforms

To connect signals and stop advanced attacks, organizations need correlated visibility and control across their application, API, and AI footprint. This essential capability comes from three key elements.

1. Unified Visibility & Signal Correlation

A platform must identify your application assets by combining and analyzing traffic signals from:

Application traffic: Signals generated by user interfaces, including chatbots, web applications, and client-side code.
API traffic: Signals generated by applications, system integrations, and agents that invoke functionality or act on data.
AI interactions: Signals generated when user or machine identities generate prompts, receive responses, locate services through MCP, invoke tools, and find AI resources.

2. Context-Awareness

Runtime protection must go beyond simple authentication checks. It requires a deep understanding of other application context including:

Authorization flows: Verify if a user, machine, or agent should be allowed to perform a specific action, not just if a request is authenticated.
Data flows: Identify 1st- and 3rd-party APIs, including AI services, called by your AI applications and the data or sensitive data they pass.

3. Multi-Layer Runtime Protection

Threat detection and prevention must happen at multiple levels during runtime, which include:

Request stitching: Detect abusive sequences and anomalous transaction flows instead of focusing solely on isolated events or rule violations.
API requests & responses: Protect REST and GraphQL API calls and detect attacks such as BOLA and introspection.
AI prompts & responses: Protect model interactions to preserve AI safety and prevent attacks like prompt injection or sensitive data leaks.

AI Doesn’t Break Security, It Exposes It

The incident with McKinsey's AI system didn’t introduce new vulnerabilities. It revealed something more important.

AI systems amplify every weakness across your stack, and AI excels at finding them.

Act now by reevaluating your AI security posture, unifying security monitoring, and bridging gaps that AI can exploit before attackers do.

It’s fortunate this event was essentially a research experiment and not a motivated threat actor. Attackers are already thinking in terms of AI-native designs. It’s not about endpoints or services for them; it’s about attack chains that enable them to get to your organization’s data or intelligence.

When reviewing your application security strategy, it’s not whether you have application firewalls, API protection, or AI guardrails to mitigate attacks; it’s whether they work together effectively.

How We Build

Product Portfolio Management for New Paradigms - DevOps, AI, and Beyond - Job Task Analysis

New paradigms are a constant in technology. AI currently has lots of momentum, but how do you build a practice or portfolio around a new or emerging paradigm? Look to your DevOps Product Portfolio Management for inspiration.

Ravi Lachhman

March 27, 2026

Time to read

Taking a look back over the last ten years in enterprise technology, paradigm shifts are occurring more frequently. For example, the maturity of DevOps/Platform Engineering and Cloud Native infrastructure has occurred. The new frontier depending where you are in adoption is AI. As your adoption and maturity curve progress, operationalizing these paradigms become important. Many sophisticated firms that have to manage and even innovate paradigms that are possibly not core to their business model look to Product Portfolio Management aka PPM to manage the business aspect of the paradigm.

A core pillar to PPM is resource management or the management of skillsets across the portfolio. We looked inwards to our own Professional Service team and ran a Job Task Analysis aka JTA to analyze how Harness itself built a portfolio of implementation experts.

For organizations/firms looking not only to scale Harness but potentially other platforms or paradigms, can use the Harness Implementation Job Task Analysis as one framework to use and apply to your specific need.

Remember Your Org’s DevOps Adoption?

In 2026, it is exciting to say that DevOps is mature. Most in industry agree today to the pillars and practices of what DevOps has been trying to achieve are normal for most engineering orgs. If you turn the clock back 15 years ago, DevOps was still very much emerging as a paradigm. The trio of people, process, and technology followed as the movement became more mature.

In an early episode of ShipTalk, we talked to Nidhi Allipuram, who at the time was leading a DevOps Org at a large insurance company. In the episode we talked about how she went from 0-1 in scaling a DevOps idea to building a DevOps Org. Like any technology adoption with a new or fast moving paradigm (think of AI today), there are business considerations that typically follow the maturity curve. The process she followed was incremental starting to gather internal expertise then having to answer “is this problem even worth solving”. From there once momentum is made, scale will follow.

The episode was great timing, for myself I was becoming a new first-time manager here at Harness and Harness itself was turning into a multi-module platform. I was really curious about how she load-balanced skills on her team to continue to expand into an evolving paradigm. Her advice was solid that you do have to balance the team to grow complementary skillsets and be able to keep up with their internal customer demand. This is exactly what resource management in a PPM based discipline/org would strive for. The Job Task Analysis that was just concluded can be used in resource management when looking to scale the program/portfolio.

Harness Implementation Job Task Analysis - Hard and Soft Skills

Looking at the Implementation Job Task Analysis and how Harness itself scales our Professional Services Practice, there is a needed mixture of both hard and soft skills. The hard skills are vertical skills in the tooling/platforms/ecosystem that Harness participates in. Second and just as important are the soft skills around problem solving and requirements gathering / stakeholder management. The hard skills would answer the “how” and “where” type of questions. The soft skills will answer just as importantly the “why” and “what” type of questions. As Harness is a platform of outcomes, solving for both hard and soft skills is important.

Extrapolating this to building a portfolio or program in evolving or even mature technology domains, the soft skills bolster the initial organic question “is this problem even worth solving”. In technology there is rarely a singular big-bang type of innovation occurrence. A good amount of innovation happens incrementally and with a solid team/consensus driven approach. Getting consensus can also be a challenge and a typical approach is requirements/stakeholder management gathering inputs from many points-of-view and blending them for trade-offs.

Distilling down the findings in the Implementation Job Task Analysis, for highly technical resources stakeholder / requirements management can be challenging as there is a lot of grey area. For example in the Site Reliability Engineering aka SRE world, defining your SLIs/SLOs is one set of challenges but having to get consensus to renegotiate them is a different order of problem. As we look towards AI, the fundamentals do not go away.

Well What About AI?

AI is certainly a rapidly evolving paradigm that is rapidly changing how we use technology. In a recent Cloud Native Podcast where the topic was Generative AI in Platform Engineering. AI, especially how it is used in Platform Engineering, is still early in the adoption curve. In 2026, The Linux Foundation will have its first AI centric conference with AGNTCon + MCPCon which is telling that maturity will eventually arrive. With items that are either early or late maturity, fundamentals do not go away.

On the Cloud Native Podcast, there was a conversation around how Kubernetes was during the first KubeCon in 2015 and how AGNTCon + MCPCon is a telling similar signal in 2026. The panel in the podcast reflected on their own K8s journey and early questions around innovation vs control/operationalization came up when looking towards AI; similar concerns when looking at K8s early on.

Crucial to navigating the radio dials of innovation vs control is again the fundamentals of soft skills getting stakeholder or internal customer alignment which is by incremental consensus. In the Implementation Job Task Analysis, the people who are agents of change in software delivery need to blend both their hard and soft skills on a daily basis. These very people are available to help further your innovation goals with top notch software delivery via the Harness Platform.

Partner with Harness for New Paradigm Expertise

As you start to embrace new paradigms and the Harness Platform, we are here to help. Harness has been at the forefront of the Cloud Native and now AI-Centric software delivery worlds. Our platform continues to evolve to meet these new and similar challenges in the technology adoption curve. Harness Professional Services are the people helping your organization making these new paradigms become reality. Feel free to take a look at our Services Offerings which includes consulting/coaching to training. We are excited to share how we scale our own internal skills to help our customers/partners/and public continue on to better the software delivery craft.

Technical

How Harness AI Helps Scale Platform-Wide Support

Learn how Harness AI reduces support load, explains pipeline failures, and helps developers self-serve in complex enterprise environments, and solve the AI Velocity Paradox.

Ankita Rosensweig

March 25, 2026

Time to read

---

Key Takeaway: Harness AI helped deflect 95% of the platform support tickets for a major financial institution

---

These days, success is often measured by what doesn’t happen:

Outages that don’t happen, so there are no 3 AM wake-up calls for engineers.
Zero "emergency" rollbacks after a Friday afternoon deployment to prod.
No configuration drift creeping into production environments.
No "how-to" tickets clogging up the backlog of a busy platform team.

When things go right, the software delivery platform is invisible. But what happens when an organization’s delivery velocity increases multifold? Can the platform still stay out of the way?

For one of the world’s largest financial institutions, the answer was a resounding "yes" but only after they solved the Velocity Paradox.

The Success Tax: When Scale Outpaces Support

By standardizing their deployment pipelines on Harness, this organization’s engineering teams hit their stride. Deployments became predictable. Manual toil went away. Teams were shipping more code, faster, with fewer headaches.

But as throughput increased, the complexity of the SDLC's outer loop also increased. More pipelines meant more execution states to interpret; more automation meant more configuration nuance.

That’s when the tickets started coming in. The increase in tickets was not a symptom of failure; it was a success tax. The platform team found itself acting as a human search engine, gathering logs, reviewing configuration state, and translating technical findings into actionable guidance for every request. The work was necessary, but it was fundamentally reactive.

Strategy Over Hype: AI as a Core OKR

Rather than simply expanding headcount to keep pace with this increasing workload, the organization made a deliberate shift in its operating model. They didn't treat AI as an experiment. AI adoption was formalized within team OKRs and became an explicit objective from executive leadership. Harness AI was selected as the primary engine to meet that goal. The directive to the engineering organization was simple:

“Ask Harness AI first.”

Developers were encouraged to treat Harness AI as their first line of inquiry.

The Engine Behind the Answer: Knowledge Graph

What makes Harness AI more than just a chatbot is what powers it underneath, a Knowledge Graph purpose-built for software delivery.

Unlike a generic large language model that reasons from broad training data alone, Harness AI is grounded in a living, interconnected map of your delivery environment. The Knowledge Graph continuously indexes and relates the entities that matter most in your SDLC: pipelines, services, environments, deployments, configurations, governance policies, and execution histories, and critically, the relationships between them.

When someone asks Harness AI a question, it traverses the optimal Knowledge Graph to understand the full context: what changed recently, which policy rule was triggered, how this pipeline relates to other services, and what similar failures looked like in the past, etc. This graph-powered reasoning is what enables answers that are specific, actionable, and contextually accurate and not generic.

Three things came up over and over in how developers used it:

Figuring out where a deploy went wrong. Not just “step 4 failed” but actually tracing through logs, execution history, recent changes, etc., to say “this is what failed and here’s why.”
Making sense of policy blocks. In a financial institution, governance rules are everywhere, and they’re not always obvious. The AI could explain why something got blocked and what you’d need to change to fix it.
Giving you the actual fix. Not just flagging the error: suggesting the specific YAML tweak or config change to unblock the build. Developers stopped waiting for someone to tell them what to do next.

For this financial institution’s engineering teams, this meant that every question asked of Harness AI was answered with awareness of their unique environment, their governance rules, and their delivery history. The AI wasn’t guessing. It knew.

The Result: 95% Tickets Deflected

The behavioral shift was both gradual and massive. Over the following months, the majority of internal support tickets were deflected. Engineers resolved a significant portion of troubleshooting questions independently, within their workflow, without waiting for platform team intervention.

Over the months that followed, tens of thousands of support tickets just didn’t happen. Engineers figured things out on their own, in the moment, without filing anything or waiting for a response.

The result was a radical rebalancing of capacity. Instead of being a help desk, the platform team redirected its efforts toward designing and building forward-looking architecture.

Innovation Without the Friction

Scaling a platform isn’t just a technical problem. It’s an operational one. You can modernize your entire SDLC and still end up drowning in tickets if the support model doesn’t scale with it.

Here's what makes Harness AI different from every other AI tool your team has probably tried: Harness sits inside your SDLC. Not bolted on from the outside, not reading a summary of what happened. It’s actually inside it. That means it picks up on context that no generic AI agent ever could. Your pipelines, your policies, your deployment history, your governance rules, how your services relate to each other, your infrastructure, and a lot more. All of it. And it uses that context to build a customized Knowledge Graph for your organization.

That's what makes Harness AI feel like part of your team rather than just another tool you have to babysit.

‍

FAQs

What does Harness AI use to answer questions?

Harness AI uses context from the software delivery environment, including pipelines, services, environments, policies, configurations, and execution history, to generate more relevant answers.

How is Harness AI different from a generic chatbot?

A generic chatbot mainly relies on broad model training data. Harness AI is grounded in an organization-specific delivery context, which helps it explain failures and suggest next steps based on how the environment is actually configured.

Why is a Knowledge Graph useful for software delivery?

A Knowledge Graph helps connect related entities across the SDLC, such as pipelines, services, environments, and policy rules. That structure makes it easier to retrieve relevant context for troubleshooting and operational guidance.

Can AI reduce internal support tickets for platform teams?

Yes. When developers can get contextual answers inside their workflow, many troubleshooting and policy questions can be resolved without filing support tickets.

‍

Technical

Harness AI February 2026 Updates: Securing & Making the SDLC Reliable and Shipping Faster with Agents

Harness AI's February updates tackle the AI Velocity Paradox with SAST/SCA & WAAP, smarter AI SRE Jira runbooks, and a powerful DevOps Agent upgrade.

Chinmay Gaikwad

February 26, 2026

Time to read

February is all about making AI in software delivery secure and easier to operate at scale. This month’s updates span enterprise-grade application security, API security via MCP, SRE automation, and a major upgrade to the DevOps Agent.

Bring API Security Intelligence Directly into Your AI Workflows

Harness’s WAAP Public MCP Server is now Generally Available, enabling querying API security data with natural language in popular AI environments such as VS Code, Cursor, and Claude Desktop. Teams can pull in insights across API discovery, inventory, risk, vulnerabilities, remediation, and runtime protection, and then blend that data with internal sources inside custom AI workflows.

This brings API security context directly into daily developer and security workflows, rather than locking it behind dashboards. By putting WAAP data behind an MCP server, organizations can enable richer, real-time AI-driven security analysis and make API telemetry usable in the same AI agents and copilots developers already rely on.

Looking ahead, WAAP tools will also be integrated with Harness AI, enabling joint customers to access capabilities through the Harness MCP server. The goal is a unified MCP experience where security and delivery agents can reason over the same API security data without brittle, one-off integrations.

Shift-Left Security That Actually Prioritizes What Matters

Harness SAST and SCA are now Generally Available as native security scanners within Security Testing Orchestration (STO), delivering AI-powered static analysis and software composition analysis right where AI agents and coding copilots generate code—in your pipelines. In the era of agentic coding, where AI autonomously writes, iterates, and deploys code at unprecedented speed, SAST scans repositories for security issues, hard-coded secrets, and vulnerable open-source libraries, while SCA analyzes container images for vulnerable OS packages and libraries, all with static reachability-based prioritization to cut through AI-amplified noise.

Onboarding is intentionally minimal: Harness automatically detects repositories and manages scanner hosting and licensing, including a 45-day free trial for existing STO customers. Within pipelines, SAST and SCA are available as native steps with auto repo detection, generate SBOMs for application and container dependencies, and surface results centrally for security and dev teams.

What sets this release apart is reachability-based prioritization and AI-assisted remediation, perfectly tuned for AI-driven workflows. Vulnerabilities are ranked based on whether they’re actually reachable from application code, helping teams focus on truly exploitable issues instead of noisy findings from rapid AI code gen, and AI-generated fixes can automatically open pull requests to accelerate remediation.

*Highlighted vulnerabilities with Harness SAST and SCA*

Incident Runbooks That Understand Your Jira Schema

In AI SRE, the Jira integration for runbooks has been rebuilt to support dynamic fields for both Create Jira Ticket and Update Jira Issue actions. When builders select a project and issue type, the runbook step now automatically loads the exact fields required by that Jira workflow, including custom fields, labels, and multi-select values.

This eliminates guesswork around field names and internal Jira schema details, and greatly reduces broken automations caused by missing or misconfigured required fields. For more advanced runbooks where the issue type is determined at runtime, a key-value mode lets builders set any Jira field directly while still benefiting from built-in validation that catches broken URLs and missing required fields before execution.

You can use the new Jira experience today by adding the updated Create or Update Jira actions to any AI SRE runbook. It’s particularly useful for complex incident workflows where different incident types must map cleanly to different Jira projects and issue types without manual rework.

‍

A Smarter, Faster DevOps Agent for Enterprise-Scale Pipelines

The DevOps Agent has received a major upgrade and is now powered by an Opus 4.5 foundation model. From our internal testing, we found out that the new model improves speed, context retention, and overall pipeline generation accuracy, particularly for large, highly templated enterprise pipelines.

Teams will see faster response times, higher-quality YAML generation, and better handling of longer, more complex pipelines. This upgrade has been validated against complex pipelines. Enhanced template awareness also means the agent is better at reusing existing templates and making high-fidelity updates to existing pipelines, reducing the amount of manual cleanup after AI-generated changes.

The upgraded DevOps Agent is rolling out to our customers soon and will be available directly in the AI Chat experience, with no configuration changes required. This is especially impactful for large enterprises running deeply nested template hierarchies, where context management and accuracy are critical for safe automation.

Escaping the AI Velocity Paradox

These February updates directly tackle the AI Velocity Paradox: where AI coding tools accelerate code generation but create downstream bottlenecks in testing, security, deployment, and observability that erase those gains. By providing reachability-aware SAST/SCA to secure agentic code without slowing pipelines, MCP-powered API security for contextual risk analysis, smarter SRE runbooks for resilient operations, and an upgraded DevOps Agent for complex pipeline automation, Harness extends AI intelligence across the full software delivery lifecycle. The result? Teams ship faster, safer software without the fragility of fragmented tools or unproven hype, turning AI potential into measurable business velocity.

‍

Technical

Harness AI January 2026 Updates: Human-Aware SRE and Smarter API and Application Security

Kicking off 2026 with Human-Aware SRE, AI-driven API naming, and natural language AppSec queries to automate your hardest post-code challenges.

Chinmay Gaikwad

January 29, 2026

Time to read

Harness AI is starting 2026 by doubling down on what it does best: applying intelligent automation to the hardest “after code” problems, incidents, security, and test setup, with three new AI-powered capabilities. These updates continue the same theme as December: move faster, keep control, and let AI handle more of the tedious, error-prone work in your delivery and security pipelines.

What’s New in Harness AI:

Human-aware incident analysis that correlates conversations with changes
AI-driven API naming that reduces security noise
Natural-language auth script generation for faster AST onboarding
AppSec agent for querying security data and generating policies

Human-Aware Change Agent for AI SRE

Harness AI SRE now includes the Human-Aware Change Agent, an AI system that treats human insight as first-class operational data and connects it to the changes that actually break production. Instead of relying only on logs and metrics, it listens to real incident conversations in tools like Slack, Teams, and Zoom and turns those clues into structured signals.

The AI Scribe captures key decisions, timestamps, symptoms, and “right before this happened…” moments from live conversations, filtering out unrelated chatter.
The Change Agent uses these human signals to drive a change-centric investigation across deployments, feature flags, config, infra changes, and ITSM records, then produces evidence-backed hypotheses such as, “This checkout deployment changed retry behavior 12 minutes before the incident, and latency spiked immediately after.”

By unifying human observations with the software delivery knowledge graph and change intelligence, teams get a much faster path from “what are we seeing?” to “what changed?” to “what should we roll back or fix safely?” The result is shorter incidents, clearer ownership, and a teammate-like AI that reasons about both people and systems in real time. Learn more in the announcement blog post.

AI-Powered API Naming for Cleaner Security Signals

Effective application security starts with knowing what you actually have in production. Traditional API naming based on regex heuristics often leads to over-merged or under-merged API groups, noisy inventories, and false positives across detection workflows.

This month, API naming in our Traceable product gets a major upgrade with AI-powered API semantics:

API naming is now powered by LLMs that understand intent, behavior, and functional semantics, not just URL or path similarity. The result is more stable, meaningful API groupings that reflect how your services actually behave.
The LLM-driven results were baselined against custom naming rules from advanced users and achieved >98.7% average match in internal benchmarking.
With cleaner API groupings, teams see reduced false positives across vulnerability detection, AST, and runtime protection, and a less noisy API inventory that’s easier for security and platform teams to act on.

For security leaders trying to tame API sprawl, this is a foundational improvement that boosts signal quality across the entire platform.

AI-Based Auth Script Generation: Faster, Safer API Security Testing Setup

Authentication setup has been one of the most consistent sources of friction for application security testing. Manual scripting, validation cycles, and back-and-forths often create bottlenecks — and a broken auth script can quietly invalidate an entire scan run.

To solve this, all API Security Testing customers now get AI-based Authentication Script Generation:

Generate auth scripts by simply describing the scenario in natural language; AI produces a ready-to-use script in a few seconds, which you can refine, edit, or use as a base for existing scripts.
The feature works alongside existing flows, so teams can keep using form-based or code-based auth with identical behavior while layering in AI where it helps most.

The result is less time lost to brittle auth setup, faster onboarding for new apps, and fewer failed scans due to script errors.

You can find implementation details and examples in the docs.

Chat with AppSec Agent: Security Data, in Plain Language

Security and platform teams often know the question they want to ask: “Where is this component used?” “Which exemptions are still pending?” , but answering it requires hopping across dashboards and stitching together filters by hand.

The new AppSec Agent makes this dramatically easier by letting you query AppSec data using natural language.

Here's what it does:

In Harness STO, you can ask about security issues and exemptions, then drill into issue-level insights from STO results without manually navigating views or composing complex filters. Questions like “Approve all valid pending exemptions in this project of issue type secret” become a single prompt instead of a multi-step workflow.
In Harness SCS, you can query for artifacts, code repos, SBOMs, chain-of-custody, and compliance results, then even generate OPA policies with a single prompt to block components based on license risk or vulnerable packages. For example, “Create an OPA policy to block the deployment of components licensed under the GPL-3.0 license” or “Help me identify whether the chalk and xz-utils components are present in any of the artifacts in this project” are fully supported.
The AppSec Agent is available across all production environments and integrates directly with Harness Security Testing Orchestration (STO) and Software Supply Chain Assurance (SCS).

This is a big step toward making AppSec data as queryable and collaborative as the rest of your engineering stack. Learn more in the docs.

How This Fits the Harness AI Vision

Harness AI is focused on everything after code is written — building, testing, deploying, securing, and optimizing software through intelligent automation and agentic workflows. January’s updates extend that vision across:

Security and AppSec: higher-fidelity API grouping, fewer false positives, and faster AST onboarding with AI-generated auth.
SRE and Operations: human-aware incident response that unifies human and machine signals into a single, change-driven flow.
Governance and Compliance: consistent with December’s AI governance updates, all of these capabilities inherit Harness’s approach of policy-aware AI, auditability, and RBAC-aligned actions.

Teams adopting these features can ship changes faster, investigate less, and focus more of their time on the work that actually moves the business — while Harness AI quietly handles the complexity in the background.

Checkout Event: Harness at RSAC

Technical

Harness AI December 2025 Updates: Ship Faster Without Sacrificing Control

Learn how new Harness AI governance capabilities let teams generate OPA policies with natural language, build compliant pipelines from templates, enforce guardrails in real time, and trace every AI action without losing control.

Rohan Gupta

Chinmay Gaikwad

January 7, 2026

Time to read

Our December Harness AI updates focus specifically on enhancements to Harness AI governance. You can review our Harness AI November updates here.

The Governance Paradox

Every platform engineering team faces the same tension: developers want to move fast, while security and compliance teams need guardrails. Too much friction slows delivery. Too little creates risk.

What if AI could help you have both?

With Harness AI, you can accelerate pipeline creation while automatically enforcing your organization's policies. Every AI-generated resource is traceable, auditable, and compliant—by design.

AI-Powered Policy Generation

Open Policy Agent (OPA) policies are the backbone of governance in Harness. They enforce rules across:

Pipeline governance: Who can deploy what, where, and when
Entity governance: Standards for services, environments, and connectors
Cost governance: Spend limits and resource constraints
Security scan governance: Required scans before promotion

The challenge? Writing Rego policies requires specialized knowledge. Most teams have a handful of people who understand OPA, and they're constantly backlogged.

Harness AI changes this.

Now, anyone can describe a policy in plain English and let AI generate the Rego code:

"Create a policy that requires approval from the security team for any deployment to production that hasn't passed a SAST scan."

Harness AI generates the policy. Your experts review and approve. Governance scales without bottlenecks.

Build Compliant Pipelines from the Start

Here's where governance and productivity intersect.

Your organization has invested in "golden" pipeline templates - battle-tested, approved configurations that encode your best practices. The problem: developers don't always know they exist, or they take shortcuts to avoid the complexity.

With Harness AI, developers simply ask:

"Build me a deployment pipeline that references our golden Java microservices template."

Harness AI:

Searches your template library to find the right template
Constructs a pipeline that properly references it
Inherits all the governance baked into that template

The result? Developers get pipelines in seconds. Platform teams get compliance by default. Learn more about referencing templates here.

What Can Harness AI Generate?

Any AI-generated resource can be saved as a template for others to reuse, thereby compounding your investment in standards.

Built-In Guardrails: OPA Enforcement on Every Action

What happens when AI generates something that doesn't meet your policies?

It gets caught immediately.

When a user saves or runs an AI-generated pipeline, Harness evaluates it against your OPA policies in real-time. If there's a violation:

The action is blocked (save or run fails)
Clear feedback is provided explaining why
The user can fix it in the AI chat by describing the needed changes

For example:

Policy Violation: "Production deployments require a manual approval stage. Your pipeline is missing this step."

User prompt: "Add a manual approval stage before the production deployment."

Harness AI: Updates the pipeline to comply.

This feedback loop turns policy violations into learning moments, without leaving the AI experience. Learn more about Harness AI and OPA policies here.

Full Auditability: Every AI Action is Traced

In regulated industries, "an AI built it" isn't an acceptable audit response. You need traceability.

Harness AI provides it:

AI-Generated Label

Every resource created by Harness AI is automatically labeled:

ai_generated: true

‍This label persists through the resource lifecycle. You always know what was created by humans versus AI-assisted.

Audit Trail Integration

All AI-generated entities appear in the Harness Audit Trail with:

Who prompted the creation (the user)
What was created
When it was created
How it was created (AI-assisted)

Execution Evidence

For AI-generated pipelines, you can:

View execution history to see how the pipeline performed
Download execution logs for compliance documentation
Validate outputs to confirm the pipeline meets requirements

This gives auditors and compliance teams the evidence they need—without manual documentation overhead.

Security by Design: AI Operates Within User RBAC

A common concern with AI assistants: "What if it does something the user shouldn't be able to do?"

Harness AI eliminates this risk with a fundamental design principle:

Harness AI can only do what the user can do.

The AI operates on behalf of the authenticated user, inheriting their exact Role-Based Access Control (RBAC) permissions:

There's no privilege escalation. No backdoors. No "AI admin" account. The AI is an extension of the user—bound by the same rules.

The Governance + AI Workflow

Here's how it all comes together:

‍

Why This Matters

For Platform Engineering Teams

Scale governance without becoming a bottleneck
Ensure template adoption by making it the easy path
Reduce policy violations with real-time feedback
Maintain audit trails automatically

For Developers

Build pipelines faster with natural language
Stay compliant without memorizing policies
Learn from violations instead of getting blocked
Use templates without hunting for documentation

For Security & Compliance Teams

Enforce policies consistently across all pipelines
Trace AI-generated resources with clear labels
Audit with confidence using execution evidence
Trust the access model with RBAC inheritance

Get Started with Harness AI + Governance

Already a Harness customer? Harness AI is available across the platform. Start by:

Enabling Harness AI in your account settings
Creating OPA policies for your key governance requirements
Building pipeline templates that encode your standards
Letting developers prompt their way to compliant pipelines

New to Harness? Request a demo to see AI-powered governance in action.

‍

Engineering Blog

Knowledge Graph + RAG: A Unified Approach to DevOps Intelligence

Learn how Harness uses a software delivery knowledge graph, a semantic layer, and RAG together to give DevOps teams deeply contextual, trustworthy AI automation that goes far beyond “chat over docs.”

Sunil Gattupalle

December 17, 2025

Time to read

Knowledge graphs and RAG (Retrieval-Augmented Generation) are complementary techniques for enhancing large language models with external knowledge, and each brings unique strengths for DevOps use cases. While they are often mentioned together, they are fundamentally different systems, and combining them delivers far better outcomes than relying on either approach alone.

Core Differences

A knowledge graph is a semantic model composed of entities and relationships that reflect how systems, services, code, environments, and people connect. These entities may come from Harness or from third-party DevOps tools. Retrieval from a knowledge graph can be:

Structured: via graph queries that traverse relationships
Unstructured: via semantic indexing of graph-connected content

The foundation of the knowledge graph is its semantic layer, which serves as the source of truth for the structure and meaning of the data. This semantic layer defines what an “application,” “pipeline,” “service,” “environment,” “deployment,” or “policy” means - not just how it is stored. This enforces consistent definitions across tools, eliminates ambiguity, and grounds all reasoning in shared meaning.

Because the semantic layer governs how data flows into the graph, it ensures the graph scales cleanly, remains governable, and can incorporate new tools, relationships, and metadata without becoming chaotic.

RAG, by contrast, retrieves unstructured text (documents, runbooks, incident notes, commit messages, architecture diagrams) using embedding similarity and feeds the retrieved content to an LLM. RAG does not model structure or relationships; it retrieves relevant fragments of text.

The fundamental distinction lies in structure:

A knowledge graph encodes explicit, machine-interpretable relationships.
RAG retrieves text based on semantic similarity, without understanding how the connections work.

This is why the two approaches excel at different types of problems.

Strengths and Limitations

Knowledge Graph Strengths

Knowledge graphs excel at multi-hop reasoning, where answering a question requires walking multiple relationships — linking a failing service to its owning team, its CI pipeline, the associated environment, and the policies governing that environment.

They offer:

strong explainability
traceable reasoning
lineage and dependency analysis
organizational context awareness
consistent governance enforced by the semantic layer

The primary limitation is that a knowledge graph is limited by the data it models.

RAG Strengths

RAG systems shine when working with unstructured information at scale. They are excellent for:

documentation search
incident history retrieval
architecture and API references
runbook guidance
open-ended queries

However, RAG struggles with questions that require:

relationship reasoning
ownership inference
dependency mapping
policy or environment constraints
multi-step chains of logic

RAG retrieves text. It does not understand structure.

‍

Hybrid Approaches

Modern DevOps AI systems increasingly combine both approaches:

RAG provides breadth — rich unstructured context.
The knowledge graph provides depth — structured reasoning and grounding.
The semantic layer provides stability — consistent meaning and scalable governance.

The result is retrieval and reasoning that are not only relevant but also organized, contextualized, and aligned with the real structure of the software delivery environment.

Why Knowledge Graphs Excel in DevOps

DevOps environments are inherently relationship-heavy: pipelines, services, environments, teams, approvals, policies, artifacts, and dependencies all interact tightly.

A knowledge graph captures these interactions explicitly.

The semantic layer ensures that as systems evolve, definitions remain consistent.

This gives AI agents true organizational context — not just textual familiarity.

With a graph-backed semantic model, agents can reason about:

ownership
dependency chains
deployment pathways
policy enforcement
environment behavior
compliance boundaries

This is essential for generating pipelines, validating changes, automating deployments, and performing impact analysis.

‍

Limitations of RAG for DevOps

RAG is excellent for retrieving documentation, API references, runbooks, and historical incidents. But it cannot reliably infer:

which team owns a service
which pipeline deploys that service
which environments are impacted
which policies apply
what dependencies exist and how they cascade

RAG retrieves text; it does not reason across structured relationships.

This limits RAG-only approaches to “chatbots over docs,” which is useful but insufficient for deeper automation.

Hybrid Approaches Emerging

A hybrid system uses both unstructured retrieval (RAG) and structured context (knowledge graph) to produce highly accurate, domain-aware answers. The semantic layer ensures that the graph remains consistent and scalable even as the organization grows.

This combination enables:

context-aware pipeline generation
graph-grounded debugging
multi-step orchestration
data-driven governance
safe automation across tools

Knowledge Graphs Benefit More Than AI

Knowledge graphs — and especially the semantic layer behind them — benefit the entire engineering ecosystem, not just AI.

They provide:

a unified, shared set of definitions across the SDLC
governance and data quality enforcement
lineage and dependency mapping
centralized metadata consistency
better observability and reporting
clean integration across tools

AI simply leverages this foundation to become more grounded, less error-prone, and deeply contextual.

‍

Harness’s Hybrid Implementation

Harness uses a Software Delivery Knowledge Graph built on a semantic model that continuously synchronizes entities and relationships across Harness modules and third-party DevOps tools. The semantic layer defines meaning and ensures structure, while RAG enriches the system with unstructured context.

This enables AI agents to:

generate pipelines aligned with org standards
automatically debug issues with traceable reasoning
execute root-cause analysis across dependencies
perform safe rollbacks constrained by policies

Results include:

85% faster pipeline onboarding
7x faster issue resolution
50% less debugging time

This is possible because the system blends semantic structure (knowledge graph), meaning (semantic layer), and breadth of context (RAG), producing far more reliable DevOps automation than any single method alone. We'll be writing more about Knowledge Graph in upcoming blog posts.

‍

Harness AI November 2025 Updates: AWS Integration, Database DevOps, & Enterprise-Grade AI Across the SDLC

November marks Harness AI's evolution into a truly AI-native platform spanning code-to-cloud delivery, with AWS integration and autonomous database migration finally bringing database DevOps into the modern, automated era alongside applications

Chinmay Gaikwad

December 4, 2025

Time to read

November was another big month for Harness AI, with new capabilities that deepen our work with AWS, bring AI-native automation to the database, and keep our model stack on the cutting edge across the SDLC.

Harness + Amazon: AI-Powered DevOps

We are expanding our partnership with Amazon to connect AI-powered development directly to intelligent delivery. As AI tools like Amazon Q and Kiro accelerate code development, this integration focuses on safely moving that code into production with built-in governance, security, cost controls, and delivery intelligence. Together, Harness SaaS on AWS and Harness’s Software Delivery Knowledge Graph provide teams with a single, trusted path from code to cloud, eliminating the need to stitch together point tools.

For developers, this shows up as AI-infused workflows in the IDE and CI/CD pipelines that understand context across 160+ tools exposed via the Harness MCP server. Teams can see faster pipeline onboarding, dramatically reduced debugging time, and safer rollouts, while platform and security leaders get unified governance across AWS environments without sacrificing velocity. Learn more about the partnership in this blog post.

AI-Powered Database Migration Authoring

Application delivery has become highly automated, but databases have historically lagged behind. Schema changes are still often managed with manual SQL scripts, spreadsheets, and late-night deployments. That gap makes databases one of the most common sources of release friction and risk, turning them into a bottleneck even when CI/CD is mature. Database DevOps matters because it applies the same discipline used for applications—Git, policy-as-code, governed pipelines, automated rollback—to the systems that hold your most critical data.

Harness Database DevOps tackles this directly by treating database changes like application code: versioned, tested, governed, and observable across environments. As one of the fastest-growing modules in the Harness platform, it helps teams ship safely without waiting on a small group of DBAs or accepting 2 a.m. change windows as normal.

We have introduced AI-powered database migration authoring inside our Database DevOps product. Developers can now describe the change they want in natural language, and Harness generates production-ready migrations that are backward-compatible, validated against policies, wired into Git, and paired with rollback scripts. Every migration is governed and auditable, so DBAs maintain control through policy-as-code and approvals while the AI handles the heavy lifting.

Under the hood, this capability is powered by the Software Delivery Knowledge Graph and the Harness MCP server, which bring awareness of schemas, pipelines, and best practices into each suggestion. The result is a database layer that finally moves at DevOps speed, with fewer incidents, stronger governance, and far less manual toil for both developers and database teams. Learn more about AI-powered database migration authoring here.

Improved Pipeline Error Analyzer

Error Analyzer is a great example of how Harness AI applies deep context, not just raw model power, to real DevOps problems. When a pipeline fails, our improved Error Analyzer automatically correlates recent changes, checks dependencies, identifies historical patterns, and pinpoints the most likely root cause, allowing teams to skip scrolling through logs and jump straight to fixes. The analysis view highlights which commits or configuration edits are likely to have triggered the regression, whether an external service or infrastructure dependency is unhealthy, and how similar this failure is to previous incidents across your organization.

From there, Harness AI turns insights into concrete action. Error Analyzer presents prioritized recommendations with clear justifications, and in many cases, can generate and apply YAML fixes on your behalf, with a before-and-after diff, so you stay in control. With built-in impact assessment and an audit trail of pipeline changes, teams can diagnose issues more quickly, understand the blast radius, and continuously harden their pipelines and dramatically reducing debugging time while maintaining high reliability.

Always-On Model Optimization

Behind these experiences, Harness AI continually evaluates and upgrades its underlying model stack, including the latest generations, such as Claude 4.5, Sonnet 4.5, and GPT-5. Instead of betting on a single LLM, Harness runs internal evaluations and real-world tests to benchmark performance, reliability, and safety for specific software delivery jobs, such as pipeline generation, error analysis, and database migration authoring. The platform then dynamically selects the best model for each task, with guardrails and fallbacks built in, so customers achieve the strongest results without having to manage model churn themselves.

Closing the AI Velocity Gap

Taken together, November’s updates are another step toward Harness’s vision of AI-native software delivery: where agents understand intent, enforce policy, and automate work from code to cloud to database. Deep AWS integrations remove friction between AI-powered development and production, Database DevOps eliminates the last major manual bottleneck, and continuous model optimization keeps Harness AI ahead of the curve for real-world DevOps use cases. As AI continues to increase code velocity, these capabilities make sure your pipelines, databases, and platforms can keep up with confidence.

‍

Harness and Amazon Team Up to Bring AI-Powered DevOps to Your IDE

Harness partners with Amazon to bring together Amazon Kiro, Q Developer, and Harness SaaS on AWS, delivering an intelligent, secure, and scalable DevOps platform that empowers teams to build and deploy software faster across the cloud-native landscape.

Bala Venkatrao

Rohan Gupta

Chinmay Gaikwad

December 2, 2025

Time to read

Today, we’re excited to announce our expanded partnership with Amazon, bringing together the power of Amazon Kiro, Amazon Q Developer, and Harness SaaS on AWS to revolutionize how your team builds, troubleshoots, secures, and deploys software. This collaboration is designed to deliver a seamless, intelligent, and scalable software delivery experience for all AWS customers.

Harness SaaS on AWS: Powering Cloud-Native Delivery

Harness SaaS on AWS empowers engineering and DevOps teams to deliver software faster, safer, and more efficiently across cloud-native environments. By leveraging the robust infrastructure of AWS, Harness provides an AI platform that scales with your business needs. With Harness SaaS on AWS, you get:

Accelerated, Reliable Deployments: Build and execute complex pipelines in minutes, supporting advanced deployment strategies like blue/green, canary, and rolling updates for AWS services such as EKS, ECS, Lambda, and Auto Scaling Groups.
Smart Automation & Continuous Verification: Harness leverages AI to run only tests affected by code changes and detect anomalies and automatically roll back failed deployments, minimizing downtime and risk.
Automated Security & Compliance: Built-in secret management, audit trails, granular RBAC, and continuous vulnerability scanning ensure every deployment is secure and compliant.
Cloud Cost Optimization: Harness Cloud Cost Management gives FinOps and engineering teams granular visibility and automated orchestration to maximize savings and optimize AWS consumption.

‍

AI-Powered Software Delivery, Right in Your IDE

The Harness Platform is now even more powerful with the integration of Amazon Kiro and Q Developer. This agentic IDE revolution enables developers to manage, optimize, and resolve CI/CD pipeline, security, and testing issues directly from their development environment using natural language. No more switching between Kiro and the Harness platform. Now, you can ask Kiro for your AWS infrastructure information, along with Harness pipeline executions, in the context of your IDE. Learn more about the different use cases in this blog post.

Context is the key for any AI to be effective. Harness’s Software Delivery Knowledge Graph ensures that this automation is tailored to your AWS environment, providing actionable insights rather than generic recommendations. Whether you’re a seasoned expert or a new team member, this integration makes shipping code faster and more intuitive. Learn more about the Knowledge Graph.

Real Value, Real Results

Harness is already helping customers achieve accelerated build and deployment using AI-powered features such as Test Intelligence and Continuous Verification. Organizations such as United Airlines and Trust Bank have enhanced their software delivery experience with Harness and AWS.

Specifically, for Trust Bank, Harness's cloud-first capabilities enable Trust Bank to efficiently deploy changes across its containerized applications on AWS, utilizing Amazon EKS. Trust Bank also leverages AWS services such as Amazon Athena, Amazon RDS, and Amazon Aurora, resulting in a resilient, secure, and optimized infrastructure that scales with its growth. Trust Bank sought a solution to integrate with its AWS environment, reduce developer workload, and prioritize innovation, aiming to offload the onerous supply delivery chain lifecycle. By integrating Harness with AWS and automating compliance, security, and risk checks in the CI/CD pipeline, Trust Bank cut its deployment lead time from two weeks to just 24 hours. Automated compliance ensures all industry-standard controls are met, maintaining high security. This automation enables Trust Bank to focus on delivering innovative products, rather than being hindered by manual processes.

Built for Shipping Software with Confidence

This partnership delivers enterprise-grade automation, contextual intelligence, and seamless cloud-native delivery, all backed by the reliability of AWS. Harness SaaS on AWS is available for purchase through the AWS Marketplace, making it easy for your organization to get started and scale as your needs grow. Together with Amazon Kiro, Q, and Harness SaaS on AWS, Harness and Amazon are committed to removing bottlenecks and empowering teams to ship software with confidence.

Register for the “Securing AI Velocity” webinar to learn more about how Harness and AWS can make software delivery better.

‍

Harness AI October 2025 Updates: Smarter Pipelines, Instant Troubleshooting, Persistent Memories

Harness AI October 2025 updates bring smarter pipelines, instant troubleshooting, and persistent AI memory to streamline DevOps and overcome the AI velocity paradox.

Chinmay Gaikwad

Rohan Gupta

November 11, 2025

Time to read

The AI Velocity Paradox is real. While teams are writing code faster than ever, they're hitting a wall downstream. Deployments are failing. Security vulnerabilities are slipping through. Manual toil is eating up whatever time developers saved with AI-assisted coding. The speed boost from one part of the software delivery lifecycle is being strangled by legacy processes in another.

Harness is solving this the only way that works: by bringing intelligent AI deeper into the delivery process itself.

Last quarter, we introduced transformative updates to Harness AI that address the exact problem plaguing most organizations: understanding complex pipelines, troubleshooting failures in seconds instead of hours, and building persistent AI memory to evolve alongside your team's workflows.

The Problem We're Solving: When Code Moves Faster Than Your Pipeline

Here's what we're seeing in the field: teams adopting AI for coding are experiencing a 25% increase in adoption, but Google's DORA research tells us the uncomfortable truth — that AI adoption is actually decreasing delivery stability by 7.2% and throughput by 1.5%. Why? Because the downstream bottleneck is real.

Developers can generate code in minutes. But when that code hits a pipeline, they run into walls:

Complex pipelines that nobody fully understands, documented only in institutional memory
Deployment failures that require hours of digging to understand what actually went wrong
No continuity between troubleshooting sessions, forcing teams to restart their investigation each time

October has been a busy month for us as we released a bunch of updates to bring intelligent automation to everything after the code is written, exactly where teams need it most.

‍

Pipeline Understanding: AI That Actually Knows What Your Pipelines Do

Harness AI now automatically analyzes your most complex pipelines and summarizes what they do, why they exist, what stages matter, and how they're connected. No more hunting through YAML. No more waiting for the one person who understands the legacy pipeline configuration.

This is about velocity without the toil. When a new developer joins, they can understand pipeline design in minutes, rather than days. When you're troubleshooting a failure, you immediately know which stages are relevant and why. When you optimize your delivery process, you gain clarity on what each pipeline actually does.

The impact: Faster comprehension of pipeline design and intent without digging through multiple configurations. Teams spend less time context-switching and more time shipping.

‍

Conversational Troubleshooting: Chat Your Way Out of Failures

Ask Harness AI why your deployment failed. Not a generic error code. An actual conversation.

"Why did this deployment fail?"
"How do I fix it?"
"What changed between the last successful deployment and this one?"

The enhanced Error Analyzer now supports natural language interactions across more stage types. Instead of squinting at logs and error messages, you're having a dialogue with an AI that understands your pipeline, your errors, and how to resolve them. The AI provides instant, contextual explanations that get to the root cause.

The impact: Root-cause analysis that takes hours becomes a conversation that takes minutes. Time-to-resolution drops dramatically. Teams spending 40%+ of their time on toil suddenly have hours back to focus on actual innovation.

‍

Chat History and Memory: AI That Remembers, So You Don't Have To

Harness AI now supports chat history, enabling teams to organize conversations, revisit past troubleshooting sessions, and maintain context between interactions. This is similar to the AI IDE experience, but for DevOps. It's the difference between a helpful chatbot that forgets everything and an AI teammate that learns alongside you.

The impact: Continuous context, smarter collaboration, and evolving intelligence that gets better the more your team uses it. Teams aren't restarting investigations from scratch. Memory compounds over time.

‍

Harness CD Update: AI Verification and Rollback Gets Smarter

We've also enhanced Harness Continuous Delivery with AI verification and rollback capabilities. New integration with Dynatrace Grail, an increasingly popular logs platform, means teams using Grail can now connect it directly to Harness, triggering automatic rollback on abnormal log telemetry after a deployment.

This closes the loop on the Velocity Paradox. Code moves fast. Verification is intelligent and automated. When something goes wrong, the system acts before customers notice.

‍

MCP Updates: Building the Foundation for Agentic Automation

Our Model Context Protocol (MCP) server is evolving with expanded Feature Management and Experimentation (FME) toolset capabilities, laying the groundwork for even deeper agentic automation across the platform. This is how AI teams get integrated into your existing workflows, not as replacements, but as force multipliers. Learn more about using this toolset with Claude Code.

‍

Harness IDP Update: Smarter Worklows

In case you missed it, we also announced the IDP Knowledge Agent at our Unscripted conference. The Knowledge Agent is now available and resides within the Harness IDP, serving as an AI-powered teammate. It helps developers find the information they need, understand how systems work, and take action faster. You can ask questions like, “Who owns the authentication service?” or “How can I improve my score?” and get relevant, trustworthy answers in seconds. Learn more about the Knowledge Agent in this blog post.

‍

Why This Matters: AI Isn't Just About Speed

The worst trap organizations fall into is measuring AI by how fast developers can code. That's missing the entire point.

AI's real value is in the systems. It's in understanding complexity that humans can't easily parse. It's in eliminating repetitive troubleshooting. It's in the memory that builds over time, making teams smarter with every deployment.

Harness AI for DevOps addresses the real problem: the downstream bottleneck that's choking velocity gains from upstream AI adoption.

By bringing intelligent automation to pipeline understanding, instant troubleshooting, and persistent context, we're not just making deployments faster. We're making them safer, smarter, and more resilient. We're turning the Velocity Paradox on its head—ensuring that when code moves fast, everything downstream can keep up.

This is what AI-native software delivery looks like. Not faster chaos. Faster, safer, smarter execution.

‍

What's Next

These updates represent a shift in how Harness approaches AI. We're not adding features. We're solving a fundamental problem in modern software delivery: the gap between upstream speed (code generation) and downstream automation (testing, security, deployment).

The teams winning today aren't the ones with the fastest developers. They're the ones with the most intelligent pipelines. The most resilient deployments. The deepest context about what's actually happening in production.

For everything after the code is written, Harness AI makes that possible.

‍

Intent-Driven Assertions are Redefining How We Test Software

Reimagine QA with intent-driven, AI-powered assertions that reduce flakiness and align testing with real user outcomes.

Shibam Dhar

November 3, 2025

Time to read

Picture this: your QA team just rolled out a comprehensive new test suite ; polished, precise, and built to catch every bug. Yet soon after, half the tests fail. Not because the code is broken, but because the design team shifted a button slightly. And even when the tests pass, users still find issues in production. A familiar story?

End-to-end testing was meant to bridge that gap. This is how teams verify that complete user workflows actually work the way users expect them to. It's testing from the user's perspective; can they log in, complete a transaction, see their data?

‍

The Real Problem Isn't Maintenance. It's Misplaced Focus.

Maintaining traditional UI tests often feels endless. Hard-coded selectors break with every UI tweak, which happens nearly every sprint. A clean, well-structured test suite quickly turns into a maintenance marathon. Then come the flaky tests: scripts that fail because a button isn’t visible yet or an overlay momentarily blocks it. The application might work perfectly, yet the test still fails, creating unpredictable false alarms and eroding trust in test results.

The real issue lies in what’s being validated. Conventional assertions often focus on technical details- like whether a div.class-name-xy exists or a CSS selector returns a value, rather than confirming that the user experience actually works.

The problem with this approach is that it tests how something is implemented, not whether it works for the user. As a result, a test might pass even when the actual experience is broken, giving teams a false sense of confidence and wasting valuable debugging time.

Some common solutions attempt to bridge that gap. Teams experiment with smarter locators, dynamic waits, self-healing scripts, or visual validation tools to reduce flakiness. Others lean on behavior-driven frameworks such as Cucumber, SpecFlow, or Gauge to describe tests in plain, human-readable language. These approaches make progress, but they still rely on predefined selectors and rigid code structures that don’t always adapt when the UI or business logic changes.

What’s really needed is a shift in perspective : one that focuses on intent rather than implementation. Testing should understand what you’re trying to validate, not just how the test is written.

That’s exactly where Harness builds on these foundations. By combining AI understanding with intent-driven, natural language assertions, it goes beyond behavior-driven testing, actually turning human intent directly into executable validation.

‍

What Are Intent-Driven Natural Language Assertions?

‍

Harness AI Test Automation reimagines testing from the ground up. Instead of writing brittle scripts tied to UI selectors, it allows testers to describe what they actually want to verify, in plain, human language.

Think of it as moving from technical validation to intent validation. Rather than writing code to confirm whether a button exists, you can simply ask:

“Did the login succeed?” or
“Is the latest transaction a deposit?”.

Behind the scenes, Harness AI interprets these statements dynamically, understanding both the context and the intent of the test. It evaluates the live state of the application to ensure assertions reflect real business logic, not just surface-level UI details.

This shift is more than a technical improvement; it’s a cultural one. It democratizes testing, empowering anyone on the team, from developers to product managers, to contribute meaningful, resilient checks. The result is faster test creation, easier maintenance, and validations that truly align with what users care about: a working, seamless experience.

Harness describes this as "Intent-based Testing", where tests express what matters rather than how to check it, enabling developers and QA teams to focus on outcomes, not implementation details.

‍

Harness AI Test Automation Solving Traditional Testing Issues

‍

Traditional automation for end-to-end testing/UI testing often breaks when UIs change, leading to high maintenance overhead and flaky results. Playwright, Selenium, or Cypress scripts frequently fail because they depend on exact element paths or hardcoded data, which makes CI/CD pipelines brittle.

Industry statistics reveal that 70-80% of organizations still rely heavily on manual testing methods, creating significant bottlenecks in otherwise automated DevOps toolchains. Source

Harness AI Test Automation addresses these issues by leveraging AI-powered assertions that dynamically adapt to the live page or API context. Benefits include:

Reduced flakiness: Tests automatically handle UI changes without manual intervention
Lower maintenance costs: AI-generated selectors eliminate constant rewriting of selectors or brittle logic
Focus on business logic: Teams concentrate on verifying user-centric outcomes rather than technical details
Faster and No-Code test creation: Organizations report 10x faster test creation and the ability to cut test creation time by up to 90%

Organizations using AI Test Automation see up to 70% less maintenance effort and significant improvements in release velocity.

‍

How Harness AI Test Understands and Validates Your Intent

‍

Harness uses large language models (LLMs) optimized for testing contexts. The AI:

‍

Understands Your Intent: The AI parses your natural language assertion to grasp what you're trying to verify, for example, “Did the login succeed?" or “Is the button visible after submission?"
Analyzes Real Application Context: It evaluates the live state of your application by analyzing the HTML DOM and the rendered viewport. This provides the AI with a comprehensive understanding of the app's current behavior, structure, and visual presentation.
Maintains Context History: it keeps a record of previous steps and results, so the AI can use historical context when validating new assertions.
Learns from Past Runs: Outputs from prior test executions are stored and referenced, allowing future assertions to become more accurate and context-aware over time.
Provides Detailed Reasoning: Instead of just marking a test as “pass” or “fail,” the AI explains why, offering insights backed by both visual and structural evidence.

Together, these layers of intelligence make Harness AI Assertions not just smarter but contextually aware, giving you a more human-like and reliable testing experience every time you run your pipeline.

This context-aware approach identifies subtle bugs that are often missed by traditional tests and reduces the risks associated with AI “hallucinations.” Hybrid verification techniques cross-check outputs against real-time data, ensuring reliability.

For example, when testing a dynamic transaction table, an assertion like “Verify the latest transaction is a deposit over $500” will succeed even if the table order changes or new rows are added. Harness adapts automatically without requiring code changes
‍Harness Blog on AI Test Automation.

‍

Crucially, we are not asking the AI to generate code (although for some math questions it might) and then never consult it again; we actually ask the AI this question with the context of the webpage every time you run the test.

‍

Successful or not, the assertion will also give you back reasoning as to why it is true:

‍

‍

How Teams Use Harness AI Assertions

‍

Organizations across fintech, SaaS, and e-commerce are using Harness AI to simplify complex testing scenarios:

Financial services: Validating transaction tables and workflows with natural language assertions.
SaaS platforms: Checking onboarding flows and dynamic permission rules.
E-commerce: Confirming discount logic and inventory updates dynamically.
Healthcare: Transforming test creation from days to minutes

Even less-technical users can author and maintain robust tests. Auto-suggested assertions and natural language prompts accelerate collaboration across QA, developers, and product teams.

‍

‍

‍

You can also perform assertions based on parameters.

‍

An early adopter reported that after integrating Harness AI Assertions, release verification time dropped by more than 50%, freeing QA teams to focus on higher-value work. DevOpsDigest coverage

‍

Transforming QA with Harness AI: Faster, Smarter, Reliable

‍

Harness AI Test Automation empowers teams to move faster with confidence. Key benefits include:

Faster test creation: Write robust assertions in minutes rather than hours.
Reduced test maintenance: Fewer broken scripts and less manual debugging.
Improved collaboration: Align developers, testers, and product managers around shared intent.
Future-ready QA: Supports modern DevOps practices and continuous delivery pipelines.

Harness AI Test Automation turns traditional QA challenges into opportunities for smarter, more reliable automation, enabling organizations to release software faster while maintaining high quality.

Harness AI is to test what intelligent assistants are to coding: it allows humans to focus on strategy, intent, and value, while the AI handles repetitive validation (Harness AI Test Automation).

‍

Harness AI Test Automation represents a paradigm shift in testing. By combining intent-driven natural language assertions, AI-powered context awareness, and self-adapting validation, it empowers teams to deliver reliable software faster and with less friction.

‍

If you are excited about and want to simplify maintenance while improving test reliability, contact us to learn more about how intent-driven, natural-language assertions can transform your testing experience.

‍

Engineering Blog

Harness AI & Google Cloud Partnership: AI-Powered DevSecOps with Enterprise Security

Bala Venkatrao

Rohan Gupta

Chinmay Gaikwad

October 30, 2025

Time to read

Teams have always been under pressure to deliver software faster. But here's what we've learned from working with thousands of engineering teams: writing the code has never been the real bottleneck. It's everything that happens after - the testing, security scans, deployments, and optimizations that determine whether your innovations actually reach customers quickly and reliably. Even in the era of AI, the speed boost is uneven, creating the AI Velocity Paradox.

That's why we're excited to share how our collaboration with Google Cloud changes the game for your team. This isn't just about new technology - it's about solving the daily challenges that prevent you from shipping with confidence.

What This Means for Your DevSecOps Workflows

You might have experienced the frustration of watching perfectly good code sit in limbo while your CI/CD pipelines break, tests fail, or security scans slow everything down. Nearly 45% of all deployments linked to AI-generated code lead to problems.

With Harness AI enabled by Google Cloud's Vertex AI platform, you get intelligent automation across every stage after code. Your team can now create enterprise-grade pipelines in seconds using natural language, automatically generate and maintain tests that adapt to changes, and deploy with confidence knowing AI is detecting issues in real time.

The results speak for themselves. Teams using Harness AI are already seeing test cycle times slashed by up to 80%, pipeline onboarding accelerated by 85%, and issue resolution that's 7 times faster. That's not just incremental improvement - it's getting back hours of your day to focus on innovation instead of toil.

Security and Compliance You Can Actually Trust

We know what keeps you up at night. You need speed, but you can't compromise on security or compliance. This is where our partnership with Google Cloud becomes critical for your peace of mind.

Harness AI is enabled by Vertex AI, Google Cloud’s advanced AI platform that provides private, dedicated access to cutting-edge models like the Gemini 2.5 series. Your data is never stored or used for training. Every insight and recommendation is generated using only your organization's context through our Software Delivery Knowledge Graph, which remains completely isolated.

You get built-in privacy, governance, scalability, and compliance guardrails, ensuring you can adopt AI without risk. Security scanning happens in real time, vulnerabilities get detected and remediated automatically, and every change is tracked for full auditability.

The Power of Context-Aware Intelligence - The Software Delivery Knowledge Graph

Powering Harness AI is our Software Delivery Knowledge Graph, which helps it understand your entire software delivery environment. Our Knowledge Graph is purpose-built exclusively for the software delivery lifecycle, capturing relationships across every stage from code to production in a secure, privacy-first manner.

Unlike generic knowledge graphs, it continuously ingests and connects a wide range of data from builds, tests, deployments, incidents, infrastructure changes, security scans, feature flags, rollbacks, test results, cloud spend, and database changes into a unified, real-time intelligence layer. This comprehensive mapping enables Harness AI to understand not just individual components, but the causal relationships between code changes, deployment outcomes, system behavior, and business impact. We also plan to integrate data from Google Cloud Platform into our knowledge graph, enhancing the AI's understanding of your GCP workloads.

Need to troubleshoot a broken pipeline? AI-powered error analysis translates cryptic error messages and provides actionable next steps based on your environment, saving you hours of debugging time. Want to optimize your cloud costs? You get smart recommendations tailored to your actual usage patterns, not generic best practices.

Harness AI: Built Into The Platform, Not Bolted On

You don't need to install anything new, manage external credentials, or lose control of your workflows. Harness AI works directly within the Harness Platform you already use, integrating seamlessly with your CI/CD pipelines, Feature Flags, Cloud Cost Management, and Security Testing. Behind the scenes, specialized AI agents work together to automate tasks intelligently.

Your engineers can simply describe what they need in natural language through a chat interface, and Harness AI handles the complexity. Whether it's onboarding new team members who can now deploy with confidence in minutes instead of days, or automatically rolling back deployments when regressions are detected, the intelligence adapts to your workflows.

Deeper Integrations with Google Cloud

Recently, we were the launch partner for Gemini CLI extensions, which enables AI to seamlessly interact with Harness tools and GCP services using the Model Context Protocol (MCP) standard. This allows engineers to leverage powerful CLI capabilities that effortlessly reach multiple tools through standardized communication.

Our collaboration with Google Cloud goes beyond today's capabilities. We're investing in Google Cloud's Agent2Agent (A2A) protocol for enhanced interoperability, and customers already have expanded access to Harness through Google Cloud Marketplace. This shared foundation means tighter integration and more powerful automation for your team as we continue building together.

The partnership reflects a shared commitment: helping you move at the speed of innovation while ensuring the enterprise safety and compliance your business depends on. With roots in Google Cloud, Harness AI gives you the scale and resilience global enterprises demand.

Harness AI is available now for all Harness customers. Your team no longer has to choose between speed and trust - with our Google Cloud collaboration, you get both.

‍
Check Event: Google Cloud Next 2026

Technical

Enhance CI/CD efficiency with Amazon Kiro and Harness integration

The integration of Amazon Kiro and Harness’s MCP server enables developers to manage, troubleshoot, and optimize CI/CD pipelines directly from their IDE using natural language, dramatically reducing manual effort and accelerating software delivery from code generation to production.

Martin Ansong

Chinmay Gaikwad

September 29, 2025

Time to read

The modern software development landscape moves fast, with AI-powered coding assistants generating code at unprecedented speeds. However, even the most sophisticated code generation is only half the battle. The real challenge lies in ensuring that code successfully navigates through CI/CD pipelines to reach production. Pipeline failures remain one of the most frustrating bottlenecks in software delivery, often requiring manual investigation and complex debugging processes. This blog post describes how the powerful combination of Amazon Kiro and Harness’s MCP server helps you fix CI/CD issues, right from your IDE.

Amazon Kiro: The Agentic IDE Revolution

Amazon Kiro represents a new category of development tools: an agentic IDE that helps developers move from prototype to production with the structure that production-ready code requires. Unlike traditional AI coding assistants that focus primarily on code generation, Kiro uses an agentic reasoning loop of planning, reasoning, taking actions, and evaluating results to handle multi-step tasks.

What sets Kiro apart is its context awareness and integration capabilities through the Model Context Protocol (MCP) framework. This allows Kiro to run locally while connecting to specialized tools and services through standardized MCP servers. The platform includes features like specs for defining project requirements, steering rules to guide AI behavior across projects, and agent hooks that automate repetitive tasks using smart triggers.

Harness: Intelligence After Code Generation

Harness is the AI platform for everything after code, focusing on testing, security, deployment, and optimization. Built on eight years of AI innovation in software delivery, Harness has evolved from pioneering AI-driven Continuous Verification in 2017 to today's agentic AI capabilities that autonomously perceive, reason, act, and learn across the entire software delivery lifecycle.

The platform delivers measurable improvements in software delivery performance. Organizations using Harness AI have seen 85% faster pipeline onboarding, 7x faster issue resolution through AI-powered troubleshooting, and 50% reduction in pipeline debugging time. At its core lies the Software Delivery Knowledge Graph: a continuously updated intelligence layer that captures and connects data from every stage of the SDLC, enabling contextual automation and decision-making.

Seamless Integration: Where AI Meets DevOps Excellence

Harness's MCP Server provides a unified interface for AI agents to interact with Harness's comprehensive suite of DevOps tools and services. The integration of Harness MCP server and Amazon Kiro brings the power of Harness's 161 DevOps tools directly into Kiro's development environment, creating a high level of automation for CI/CD pipeline management and troubleshooting. This integration enables developers to seamlessly understand and fix pipeline failures without leaving their coding environment.

Consider a real-world scenario where a developer makes changes to a code repository, triggering a build that fails during the compile step. Traditionally, this would require manually navigating to the CI/CD platform, examining logs, identifying the root cause, and then returning to the code editor to implement fixes. With the Kiro-Harness integration, this entire workflow becomes streamlined and intelligent.

The developer simply configures the Harness MCP server within Kiro, providing access to all Harness tools through standardized protocols. Using natural language, they can ask Kiro to list all pipelines in their organization. Behind the scenes, Kiro calls the appropriate Harness API through the MCP server, retrieving and presenting pipeline information in a conversational format.

When investigating a specific pipeline with build and deploy failures, the developer can request a detailed description directly through Kiro. The AI agent automatically calls the GET pipeline tool, providing a comprehensive breakdown that immediately surfaces the last execution status. Upon discovering the failure, the developer can simply ask, "Why did the last execution fail?".

Kiro then orchestrates a sophisticated investigation process: it retrieves the last execution details using the get execution tool, downloads the complete execution logs, analyzes them for error patterns, and presents a clear diagnosis.

In the demonstrated use case, the AI identified that the pipeline failed in the compile step due to an incorrect package name: a simple typo where "platformm" should have been "platform".

Most remarkably, Kiro doesn't just identify the issue…it takes action. The AI agent can directly modify the problematic file, correcting the package.json entry with the proper package name. The developer can then review the change, commit it, and push upstream, with the confidence that the pipeline will succeed on the next run.

Expanding Use Cases for Streamlined DevOps

Beyond basic troubleshooting, the Kiro-Harness integration unlocks numerous advanced use cases that transform how development teams interact with their CI/CD infrastructure.

Pipeline Creation and Optimization: Developers can describe their deployment intent in natural language within Kiro, and the integration will generate enterprise-grade pipelines that automatically adhere to organizational policies and standards. This eliminates the learning curve for new team members and ensures consistency across projects.

Proactive Issue Detection: The integration leverages Harness's AI-powered continuous verification capabilities to detect anomalies in deployment metrics and logs. When issues are identified, Kiro can automatically suggest code-level fixes or configuration changes, creating a feedback loop between production monitoring and development practices.

Security and Compliance Automation: Real-time vulnerability detection and remediation become seamlessly integrated into the development workflow. Kiro can automatically generate security fixes as pull requests, ensuring that security doesn't become a bottleneck in the development process while maintaining compliance with organizational standards.

Conclusion

The integration of Amazon Kiro and Harness represents a fundamental shift in how developers interact with their CI/CD process. By bringing the full power of Harness's DevOps intelligence directly into the development environment, this collaboration eliminates the traditional barriers between coding and deployment operations. As the software industry continues to accelerate, such intelligent integrations will become essential for maintaining both development velocity and DevOps excellence.

Also learn about Eight deployment model frameworks to enhance your CI/CD

Technical

How Harness addresses the challenges of AI in software delivery

AI-powered coding alone isn’t enough. True software delivery velocity requires end-to-end automation and intelligent governance across the entire lifecycle.

Trevor Stuart

September 30, 2025

Time to read

The widespread adoption of AI coding assistants is transforming software engineering. According to our recently published State of AI in Software Engineering report, 63% of organizations now ship code faster, and nearly three-quarters of developers say AI is already “part of the engine,” not just a sidecar.

But this acceleration has uncovered a critical bottleneck. While AI-powered tools supercharge code creation, downstream processes, such as testing, security, deployment, and compliance, still rely on manual workflows and fragmented point solutions. The result is the AI Velocity Paradox: teams move code faster than ever, but they risk shipping unverified, insecure, and unreliable software into production.

Key Trends and Challenges

Tool Proliferation and Complexity: The average team juggles eight to ten AI tools, lengthening onboarding and increasing context switching.
Uneven Automation: Only 51% of coding workflows are automated, dropping to 43% for CI/build pipelines and 6% for continuous delivery, leaving most CD processes manual and brittle.
Security and Quality Risks: 45% of deployments involving AI-generated code cause problems, and nearly half of teams worry about increased vulnerabilities and compliance risks.
Cost Spiral: 70% of organizations fear AI will drive up cloud spend as inefficient code is easier than ever to deploy.
Manual Cleanup: Any speed gains in coding are often offset by increased manual downstream work, especially in QA, security, and incident response.

Most organizations find themselves in the “Danger Zone”: high AI adoption for coding, but low automation and intelligence downstream. This creates a fragile, high-risk environment where velocity is a mirage, and technical debt compounds.

Becoming a Velocity Leader

Velocity Leaders, i.e., organizations that have automated and instrumented their entire software delivery lifecycle with AI, aren’t just fast; they’re resilient. They use AI not just for coding, but for testing, security, deployment, and observability. This end-to-end approach transforms AI from a productivity boost into a true competitive advantage.

How Harness Bridges the Gap

Harness is built for the era of AI-driven software delivery and specifically to help organizations escape the AI Velocity Paradox.

Intelligent Automation, End-to-End: 83% survey participants say that AI must extend across the entire software delivery lifecycle to unlock its full potential. That’s why we built Harness to extend AI beyond code creation. That’s why we built Harness to extend AI beyond code creation. Its AI platform automates building, testing, securing, deploying, and optimizing software, applying agentic AI to every phase after code is written.‍
Consolidation, Not Sprawl: Instead of stitching together dozens of point tools, Harness delivers a unified platform, simplifying governance, reducing onboarding time, and eliminating manual handoffs that slow delivery and create risk.‍
Automated Governance and Guardrails: Only 41% of the survey participants are confident that their current governance process can reliably catch issues before release.Harness enables organizations to define, enforce, and audit policies across the entire SDLC. This reduces the risk of bad code reaching production, prevents cost overruns, and ensures compliance automatically.‍
Proactive Observability and Incident Response: Harness AI agents analyze observability data, detect anomalies, and automatically roll back problematic deployments. This reduces the mean time to resolution and eliminates release “war rooms”.‍
Feature Flags and Progressive Delivery: Built-in feature management and experimentation lets teams safely roll out and roll back changes, minimizing the blast radius of any failed deployment, especially critical as AI-generated code becomes more common.‍
Cloud Cost Optimization: Harness monitors and optimizes cloud spend in real time, preventing runaway costs from inefficient AI-generated deployments.‍
Developer Experience: By automating repetitive tasks and reducing toil, Harness lets developers focus on innovation and not just cleanup and maintenance tasks.

Conclusion

AI-powered coding is table stakes. But true velocity comes from unifying speed with safety and resilience across the entire software delivery lifecycle. Harness brings intelligent automation to the critical, often overlooked phases of delivery, turning the AI Velocity Paradox into a sustainable advantage. Organizations that embrace a platform approach - where AI powers everything after code - will be the Velocity Leaders of the next decade.

Here’s a quote from the report:

“Purpose-built platforms that automate the end-to-end SDLC will be far more valuable than solutions that target just one specific task in the future.”
— 81% of engineering leaders surveyed

Harness doesn’t just help you move fast. It helps you move fast and not break things.

Learn more about the State of AI in Software Engineering.

Explore more resources: 3 Ways to Optimize Software Delivery and Operational Efficiency

Autonomous Software Delivery: How Harness AI Is Transforming DevOps, Testing, FinOps, and Security Beyond Coding.

Discover how Harness AI moves beyond coding assistants to automate the entire software delivery lifecycle - intent-driven maintenance, self-healing CI, and AI-powered rollback - reducing toil and risk so teams can deliver faster and more reliably.

Eric Minick

Chinmay Gaikwad

September 23, 2025

Time to read

This year at Unscripted 2025, the energy has been unmistakable as we’ve visited cities across the United States and Europe. The conversations in the hallways and on stage all pointed to a single, powerful truth: AI is fundamentally reshaping how we build and deliver software. We’ve all seen the explosion of AI-powered coding assistants that accelerate writing code. But a massive bottleneck remains. Getting that code from a developer’s laptop to a happy customer in production is still a complex, high-friction process.

Coding has sped up, but software delivery hasn't.

At Harness, our vision for AI extends beyond coding. AI needs to be applied to the entire software delivery lifecycle: automating toil, eliminating risk, and freeing engineers to solve the problems that matter.

Today, we’re excited to share a preview of the next wave of Harness AI capabilities revealed at Unscripted, which will make autonomous software delivery a reality.

Reclaim Developer Productivity: Intent-driven Code Maintenance

Nothing drains developer productivity like codebase maintenance. The endless cycle of dependency upgrades, bug fixes, refactoring, and paying down technical debt is tedious, error-prone work that pulls engineers away from building new features.

Harness Autonomous Code Maintenance (ACM) turns these manual chores into automated, intent-driven workflows. Developers can now state their intent in plain English, with prompts like, "Upgrade the front end from React 15.6 to 16.4". From there, the Harness AI agent drives the workflow: branching, coding, testing, and working iteratively with the engineer until it delivers a build that not just compiles, but runs through your pipelines passing security and functional testing as well. While the AI is doing the heavy lifting, developers are always in the loop and in control.

Some other use cases that Autonomous Code Maintenance supports are

Cleaning up stale feature flags: Stale feature flags often result in dead code paths, bugs, and thus, high tech debt. ACM detects these stale feature flags, removes the references, and opens pull requests for developers to approve. This helps achieve safer experiments with faster feedback.
Self-healing CI build failures with AI Autofix: If a build failure happens after a developer opens a pull request, Harness AI analyzes the issue, generates a potential fix, creates a new branch, and submits a pull request with the suggested remediation. This process is repeated until the build is successful, thus dramatically reducing the mean time to resolution (MTTR) for build failures.
Improving unit test coverage: For every pull request, the CI process tries to improve the unit test coverage by creating new unit tests and then also verifying them iteratively.

Ship with Confidence: AI Verification and Rollback

Our first AI/ML capability, Continuous Verification, made Harness the first Continuous Delivery tool to understand observability telemetry and trigger rollbacks when deployments caused trouble. We knew we could do more to eliminate the friction involved in its setup. Deploying with confidence shouldn't require a coordination meeting between DevOps, SREs, and developers just to configure the right health checks.

That’s why we’re introducing the next generation: AI Verification and Rollback.

We’ve moved beyond just AI-powered analysis to AI-powered setup. The Harness AI Agent now bridges the knowledge gap between application and SRE teams. It autonomously connects to your observability platforms, discovers the relevant metrics and log queries for the service you're deploying, and builds a comprehensive health verification profile. If it detects a problem, it triggers an automatic rollback to the last known good version, providing the ultimate safety net. This eliminates the trade-off between speed and safety, making verification a zero-effort, default part of every deployment.

Embedding Intelligence Everywhere: From Portal to Production

AI assistance needs to be at every stage of the software delivery process, providing contextual help and proactive solutions.

Pipeline Creation with “Architect Mode”: A few months ago, we showed how teams can create DevOps workflows that comply with your organization’s standards. We’re now taking that capability a step further with Architect Mode. Many software engineers are experts in application code but not in the nuances of creating a production-ready delivery pipeline. Architect Mode acts as a seasoned DevOps expert, engaging the user in a conversation to design a pipeline that incorporates organizational best practices for security, quality, and compliance from the very beginning. It’s like having a personal DevOps architect as a partner.

IDP Knowledge Agent: We're making Internal Developer Platforms (IDPs) more accessible with a natural language assistant. Developers can ask questions like, "What are the failing checks for my service's scorecard?" or "Who is the owner of a service?" to find metadata instantly. The agent also bridges the gap to action by suggesting and executing self-service workflows, like creating a new repo or onboarding a new engineer. It can even assist in generating new workflows, turning complex processes into simple conversational tasks.

Release Orchestration: For organizations managing complex release trains, especially in regulated industries, Harness Release Orchestration provides the governance and visibility needed to deliver with confidence. And with AI-powered assistance, you can even model new release processes using natural language, which Harness then translates into structured YAML.

The Future is Autonomous

These are just a few of the new capabilities we’re rolling out. Want to learn more? Join us at the Unscripted 2025 Virtual Conference.

Harness AI Blogs

Featured Blogs

Harness AI February 2026 Updates: Securing & Making the SDLC Reliable and Shipping Faster with Agents​

Bring API Security Intelligence Directly into Your AI Workflows

Shift-Left Security That Actually Prioritizes What Matters

Incident Runbooks That Understand Your Jira Schema

A Smarter, Faster DevOps Agent for Enterprise-Scale Pipelines

Escaping the AI Velocity Paradox

Harness and Amazon Team Up to Bring AI-Powered DevOps to Your IDE

Harness SaaS on AWS: Powering Cloud-Native Delivery

AI-Powered Software Delivery, Right in Your IDE

Real Value, Real Results

Built for Shipping Software with Confidence

Auto Remediate Security Vulnerabilities with Harness AI

How does Harness AI remediation LLM work?

Model inputs for vulnerability processing

Model response with structured output

Auto Create Pull Requests and Code Suggestions

Editable remediation and contextual customisation

Security and Privacy measures

Learn more

Latest Blogs

The McKinsey Incident Is a Warning Shot for AI-Native Design

Offensive AI Exposes the Soft Underbelly of AI Systems

Attack Chains Span Application Layers

1. Application Layer

2. API Layer

3. AI Layer

Point Solutions Will Continue to Fail

Shift From Tools to Platforms

1. Unified Visibility & Signal Correlation

2. Context-Awareness

3. Multi-Layer Runtime Protection

AI Doesn’t Break Security, It Exposes It

Product Portfolio Management for New Paradigms - DevOps, AI, and Beyond - Job Task Analysis

Remember Your Org’s DevOps Adoption?

Harness Implementation Job Task Analysis - Hard and Soft Skills

Well What About AI?

Partner with Harness for New Paradigm Expertise

How Harness AI Helps Scale Platform-Wide Support

The Success Tax: When Scale Outpaces Support

Strategy Over Hype: AI as a Core OKR

The Result: 95% Tickets Deflected

FAQs

What does Harness AI use to answer questions?

How is Harness AI different from a generic chatbot?

Why is a Knowledge Graph useful for software delivery?

Can AI reduce internal support tickets for platform teams?

Harness AI February 2026 Updates: Securing & Making the SDLC Reliable and Shipping Faster with Agents​

Bring API Security Intelligence Directly into Your AI Workflows

Shift-Left Security That Actually Prioritizes What Matters

Incident Runbooks That Understand Your Jira Schema

A Smarter, Faster DevOps Agent for Enterprise-Scale Pipelines

Escaping the AI Velocity Paradox

Harness AI January 2026 Updates: Human-Aware SRE and Smarter API and Application Security

What’s New in Harness AI:

Human-Aware Change Agent for AI SRE

AI-Powered API Naming for Cleaner Security Signals

AI-Based Auth Script Generation: Faster, Safer API Security Testing Setup

Chat with AppSec Agent: Security Data, in Plain Language

Here's what it does:

How This Fits the Harness AI Vision

Harness AI December 2025 Updates: Ship Faster Without Sacrificing Control

The Governance Paradox

AI-Powered Policy Generation

Build Compliant Pipelines from the Start

What Can Harness AI Generate?

Built-In Guardrails: OPA Enforcement on Every Action

Full Auditability: Every AI Action is Traced

AI-Generated Label

Audit Trail Integration

Execution Evidence

Security by Design: AI Operates Within User RBAC

The Governance + AI Workflow

Why This Matters

For Platform Engineering Teams

For Developers

For Security & Compliance Teams

Get Started with Harness AI + Governance

Knowledge Graph + RAG: A Unified Approach to DevOps Intelligence

Harness AI February 2026 Updates: Securing & Making the SDLC Reliable and Shipping Faster with Agents

Harness AI February 2026 Updates: Securing & Making the SDLC Reliable and Shipping Faster with Agents