Andrew Cummins

When used by individuals in isolation, agents create bottlenecks with more to review and more knowledge to transfer, undermining the productivity gains companies are counting on. A core AI design challenge is designing for teams working with agents. What would a tool designed for team collaboration actually look like? I analyzed 17 agentic platforms with a focus on how they support team collaboration and identified eight emerging patterns. https://lnkd.in/g9uJNGz8

AI coding tools are great at writing code, but shipping it securely is a different problem. This tutorial shows how Claude Code + GitLab Duo Agent Platform closes the gap, from bug fixes to production, with CI/CD, security scanning, and code review built in. 1️⃣ Fix a bug with Claude Code and let GitLab CI/CD, security scanning, and GitLab Duo Code Review do the rest. 2️⃣ Add GitLab MCP context so Claude works from the context saved within the GitLab issue, and not just local files. 3️⃣ Use a Claude-powered external agent in GitLab Duo Agent Platform to address review feedback directly in the MR. See how they work together in our blog: https://lnkd.in/gU5eY2Sz

My team is searching for a Staff Product Designer for Software Supply Chain Security. If you (or someone you know) has any experience with provenance and attestation, signing and verification, dependency firewalls, SBOM, or malicious package detection, we want to hear from you! If you don't have SSCS experience, that's ok too, but we'll need to hear about how you took a technically complex space, used a process to understand it, and broke it down into user experience assets. We're seeking someone who can lead with vision and scope into small iterations backwards from there. Apply here and reach out if you have any questions! https://lnkd.in/g45_swyK #ProductDesign #UXDesign #AppSec #Hiring #DesignJobs

Two AI-powered security milestones in GitLab 18.10. 🚀 First: SAST False Positive Detection is now generally available, powered by GitLab Duo Agent Platform (DAP). This feature first launched as a beta in 18.7, and after months of iteration, customer feedback, and real-world validation, it's now GA and ready for use in DAP. When a SAST scan runs, GitLab Duo automatically analyzes each Critical and High severity finding to determine the likelihood that it's a false positive: 📋 Automatic analysis after every SAST scan, with no manual intervention required; ✅ Confidence scoring indicating the likelihood a finding is a false positive; 🔍 Contextual AI reasoning explaining why a finding may or may not be a true positive; 🎯 Manual trigger option per vuln for on-demand analysis; and 🔄 Seamless integration directly in the vulnerability report Second: we're extending this same capability to a new scanner type. Secret False Positive Detection launches in beta in 18.10, bringing AI-powered triage to secret detection findings. This new DAP flow now analyzes flagged secrets, providing confidence scores and contextual reasoning to help teams dismiss noise quickly and focus on real exposures that need rotation or remediation. Security teams have told us consistently that manual triage is one of their biggest time sinks. Investigating SAST findings that turn out to be false positives, reviewing flagged secrets that are placeholder values or expired tokens. That time adds up fast, and it pulls attention away from real vulnerabilities that need immediate action. Now, DAP handles that triage automatically across both SAST and secret detection, giving teams the context and confidence they need to move faster. Shipping both of these in the same release is a meaningful milestone for the team. It validates the pattern we set out to build: AI-powered false positive detection that scales across scanner types and helps security teams focus on what actually matters. Special recognition to Nate Rosandich, Meir Benayoun, Andrew Cummins Huzaifa Iftikhar, Hitesh Raghuvanshi, Illya Klymov, Harsimar Sandhu, 🦊👨🏽‍💻Sam Figueroa 🌱, Jean van der Walt, Andrew J., Scott Hampton for making this possible. Thank you to Michael Clausen, Asaf Biton, Christopher Widstrom, Ethan Feller, Amar Patel, Ahmed Hemdan, isaac dawson, Vishwa B. and many others for the amazing cross-collaboration to get both of these features released in this milestone. Finally, thank you to Omer Azaria, Michael Wildpaner, Dean Agron, Mark Mishaev and Ron Vider for your guidance, leadership and direction as we steered these two initiatives to release SAST FP Detection is available now for GitLab Ultimate customers with GitLab Duo Agent Platform. Secret Scanning FP Detection is available as a beta. Read more in the release post below. 👇 #DevSecOps #AIinSecurity #GitLab #SAST #SecretDetection #VulnerabilityManagement #AgenticAI

Developers should be able to work where they want to work. We're making that easier by bringing GitLab into more of the tools and environments your teams already use. Check out GitLab in the Cursor Marketplace: https://lnkd.in/gehPVKQj

After 3 years on my last project, it's time to announce that I'm officially looking for work. My last contract has just wrapped up and I'm looking for my next role as a Senior Product Designer in NYC. It was a challenging project that pushed me every single day, but the people I met and the growth I experienced made it worth it. Thank you Clarity for all the good memories! I tend to think in systems, love working closely with a team of engineers and PMs, and get most excited when the problem is truly complex. Bonus points if it's a new industry or product space I haven't worked in before. 📍 NYC-based | Open to hybrid & remote 💼 Senior Product Designer | UX | Systems Design My portfolio is www.aileenwhite.com (dm for password). If you're hiring or know someone who is, feel free to DM me or tag them below. I really appreciate any leads or intros. I would also just love to catch up with anyone now that I have a little more free time (when I'm not navigating interview cycles). #OpenToWork #ProductDesign #UXDesign #NewYork #SeniorDesigner #Hiring

Over the past few weeks, the conversation has shifted from asking, “Can AI find vulnerabilities?” to wondering, “What should we do once it can?” AI models are getting better quickly. Still, just improving detection does not always lead to safer results. The questions I hear from customers reflect that shift: Is the product we’re about to release actually safe? How is our risk posture changing as code and dependencies evolve? Who is accountable when more of the code comes from AI and third parties? These aren’t scanning problems. They require tracing risk from code authoring through production, with clear ownership along the way. In my latest blog, I write about why the next phase of application security is not just smarter scanners, but orchestration and governance across the software lifecycle. https://lnkd.in/gXAuitMt

We reported our Q4 and full fiscal year 2026 results on March 3, 2026. You can learn more in our full earnings report below:  http://bit.ly/3NcQpaM

Passkeys are now live at GitLab - bringing passwordless sign-in and phishing resistant 2FA to millions of users! This one feels especially meaningful to me because it’s one of the first experiences I designed when I joined. Grateful to Sayonara Bittencourt and team (Eduardo Sanz García, Adil Farrukh and more) for bringing this across the finish line, to Hannah Sutor for the early product leadership and vision that helped shape direction from the start and to the contributors who voted for and shared their feedback on this experience. https://lnkd.in/gBsaCz7u