Archive for May 19, 2026

Iran Hackers Suspected in Gas Station Tank Readers Breach

Posted in Commentary on May 19, 2026 by itnerd

It is being reported that US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states. They exploited automatic tank gauge (ATG) systems that were sitting online unprotected by passwords, allowing them to interfere with display readings on the tanks but not the actual levels of fuel in them.

CNN has the story here: https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations

Lieutenant General Ross Coffman (U.S. Army, Ret.), who currently serves as President of Forward Edge-AI, provided the following comments:

“This cyber attack should come as no surprise. I cannot confirm if these cyber terrorists are Iranian, Iranian proxies, or another nefarious actor. However, I can confirm that the weakest link will always be exploited by our adversaries. They will target every chink in our cyber armor. This is happening daily and we still live in a pre-quantum world. Post-quantum will be 1000x worse. The time to get ready is now!”

Strangely, I am not at all shocked about this. This is another example of infrastructure being targeted by threat actors. And it will keep happening until organizations wake up and take the threat seriously.

“Hey Google, can I park here?” – Volvo Cars and Google plan to demonstrate Google Gemini vehicle camera integration

Posted in Commentary on May 19, 2026 by itnerd

As part of a world first, Volvo Cars and Google will demonstrate Google Gemini vehicle camera integration in the EX60 at the Google I/O conference (May 19-20). This paves the way for a future where, with the driver’s permission, Gemini will be able to see and understand its surroundings from the perspective of the car in real time.

This will enable a more helpful driving experience for things like recalling a road sign, making sense of lane markings or simply asking for more information about a landmark or a restaurant.

Take parking as an example. By reading and interpreting parking signs in real time, the system helps drivers quickly understand restrictions, time limits, permit requirements or charging rules. Instead of second-guessing whether a space is valid, drivers receive clear guidance exactly when and where they need it. 

These concepts provide an early look at how contextually aware AI experiences will in the future become part of the everyday driving experience. This is made possible by the Gemini model’s multi-modal understanding*, the EX60’s neural processing engine** and software-defined architecture.

More intuitive directions with Immersive Navigation from Google Maps

Soon, Volvo Cars will also be among the first to introduce Immersive Navigation from Google Maps into its cars. With a new 3D view, Immersive Navigation offers even more intuitive guidance for drivers, helping them stay informed and focused on the road.

Drivers will see their route brought to life with redesigned buildings, tunnels, overpasses and more, making it easy to quickly understand complex roads and turns. This is particularly valuable in urban environments where skyscrapers and dense intersections can make it difficult to see the road ahead.

It also delivers more natural voice guidance with helpful instructions that call out real-world landmarks in addition to distance and timing, such as “Go past this light and take the next left after the library.” By aligning what drivers hear with what they see, navigation becomes even easier to follow.

Immersive Navigation from Google Maps will first be available in the Volvo EX60, EX90 and ES90.

These announcements reflect an ongoing relationship between Volvo Cars and Google as the two companies work together to shape the next generation of in-car intelligence. 

The small print   

  • *Multi-modal understanding: AI’s ability to combine and interpret inputs such as voice, images, and context to understand a situation.
  • ** Neural Processing Engine (NPU): A dedicated processor that runs AI tasks efficiently and in real time on-device.
  • Features may differ depending on subscription, and results may vary. Google Gemini is AI and can make mistakes. Connected apps require setup and providing necessary permissions. Compatibility and availability vary. 18+.
  • Google Gemini and Google Maps are trademarks of Google LLC. 

Security teams have growing blind spot in AI coding agents and attackers are already moving in 

Posted in Commentary on May 19, 2026 by itnerd

As enterprises race to deploy AI coding agents, a new security challenge is emerging: organizations are creating high-privilege endpoint activity that many SOCs can’t actually see.

New research from the Abstract ASTRO team in a blog post that went live today examines telemetry from Anthropic’s Claude Code and Cowork and finds these tools create a rich but largely untapped detection source. It’s a source that can expose everything from shell execution and file access to plugin installs, MCP server interactions, and sensitive data leakage. The scary part? Most teams aren’t monitoring it.

ASTRO’s research also demonstrates how attackers could abuse AI coding workflows using techniques such as TrustFall, a recently disclosed flaw that can trigger arbitrary code execution simply through project trust prompts, potentially enabling credential theft, persistence, or data exfiltration.

A few findings and angles that may resonate with security readers:

  • AI agents are becoming new endpoint hotspots with broad access across developer systems and applications
  • Claude Code lacks native host telemetry, creating visibility and correlation challenges for SOC teams
  • Organizations can reduce AI-agent log volume by 30–50% while preserving security visibility
  • Detection opportunities include secret leakage, sensitive file access, malicious plugins, persistence attempts, and data exfiltration
  • Researchers built a higher-fidelity detection approach correlating AI agent telemetry with EDR/process activity to reduce false positives

This speaks to a broader issue: security teams are entering an era where agent activity may need to be monitored the same way they monitor users, endpoints, and cloud infrastructure.

New Shai-Hulud malware wave compromises 600 npm packages 

Posted in Commentary on May 19, 2026 by itnerd

Threat actors earlier today published more than 600 malicious packages to the npm index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in the @antv ecosystem, which includes libraries for charting, graph visualization, building flowcharts, and mapping.

Commenting on this news is Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth:

“In the OIDC/OAuth security model, tokens are short-lived by design. OIDC assumes you authenticate for a specific operation and the token expires in a timely fashion. That’s what’s supposed to happen but in practice many CI/CD pipelines and services don’t yet use these.

What is scary about this attack is that OIDC tokens were abused and used to submit artifacts to Fulcio and Rekor, core components of the Sigstore project. The Sigstore project is an ecosystem for signing/verifying software and is used by projects like Kubernetes and PyPI.

This latest Shai-Hulud attack is more dangerous than the previous TanStack breach. Previously, valid provenance attestations required hijacking the legitimate CI/CD pipeline. The attacker needed the real workflow to run, which is a significant effort. Now the malware generates Sigstore attestations directly from stolen OIDC tokens, without the pipeline at all. This is an attack on the root of supply chain security. Provenance verification no longer tells you what you think it tells you.

Unfortunately, short-lived OIDC tokens don’t solve everything. The real gap here is that “this package was built by the expected pipeline” became conflated with “this package is trustworthy.” Closing that gap requires things like:

  • Verifying the build configuration hasn’t changed (not just that the build ran)
  • Checking commit signatures and authorship against expected maintainers
  • Detecting orphan commits from deleted forks
  • Pre-install script sandboxing
  • Consumer-side policy that doesn’t treat supply chain frameworks like SLSA as ground truth without considering the entire picture”

This example shows you just how important “trust but verify” is. That sort of thing worked for Ronald Reagan. It should work for you as well.

Father’s Day Gift Ideas That Score Big at Home from Epson 

Posted in Commentary on May 19, 2026 by itnerd

Every great Dad knows that life is about balance. With Father’s Day approaching and a summer of major sporting moments on the horizon, Epson is helping Canadians elevate both how they unwind and how they work from home. With soccer and basketball being the most popular sports among streaming audiences, demand for immersive at-home viewing continues to grow. From stadium-worthy viewing to reliable home office upgrades, these gift ideas are designed to deliver high-quality performance where it matters most. 

Whether it’s game nights, backyard gatherings or family events, below are two standout picks for Father’s Day roundups and sporting event-ready entertainment features.

The Epson Lifestudio Flex Plus Projector (MSRP: $1,299.99)

The Epson Lifestudio Flex Plus Projector turns every match into a front-row experience, making it a standout Father’s Day gift for dads who want to bring the energy of live sports home. Ideal for watch parties of the biggest soccer event and beyond, it delivers a vivid viewing experience built for shared moments. 

With sharp 4K PRO-UHD picture quality and immersive Sound by Bose technology, it transforms any space into a cinematic setting, projecting up to 150 inches on virtually any surface. Its adjustable stand and portable design make it easy to move from the living room to the backyard, so the entertainment goes wherever the celebration is.

More than just a game-day upgrade, this projector is an entertainment investment. From family movie nights to gaming with friends across the world, it elevates a simple night into an epic experience. 


EcoTank ET-4950 Wireless All-in-One Colour Supertank Printer (MSRP: $599.99 CAD) 

When playtime winds down and it’s time to get back to the corporate grind, dads deserve a home office setup that works as hard as they do. The EcoTank ET-4950 is a reliable, high-performance printer built for entrepreneurial dads who need office-grade productivity at home, without the hassle.

Designed for worry-free printing, the EcoTank ET-4950 lets dads print in colour without the stress of running out of ink at the wrong time. Its high-capacity ink tanks reduce the need for frequent replacements, making it a reliable, low-maintenance choice for everything from work documents to family projects.

It’s a practical, low-maintenance upgrade that delivers professional results while freeing up more time for what matters most, whether that is getting back to family time or planning the next moment of fun. 

 

Check Point Announces Agentic Network Security Orchestration

Posted in Commentary on May 19, 2026 by itnerd

Check Point today launched its Agentic Network Security Orchestration Platform, a purpose-built autonomous agent architecture that executes network security operations across enterprise environments, without requiring constant human intervention. The launch continues the company’s mission to fundamentally transform the way enterprise network security is managed, an approach that has remained largely unchanged since the early days of the firewall era.

Enterprise networks have grown beyond human capacity to manage. Hybrid cloud adoption, M&A-driven fragmentation, the explosion of connected devices, and the rapid proliferation of AI agents across infrastructure have created environments that no human team was designed to secure at this scale. A single change request can take two to four weeks to work through analysis, security review, and policy dependencies – only to break something else and restart the cycle. Segmentation projects sit on the board for years and never ship. Policies drift because workloads move faster than any team can follow. The result is predictable: Zero Trust projects stall, policy tightening never completes, and organizations are left exposed. Check Point’s platform addresses this by beginning a transformation across three dimensions that have defined and constrained network security management for decades: moving from thousands of static rules to intent-based policy, from fixed threat prevention profiles to dynamic exposure-based controls, and from fragmented vendor consoles to a single orchestration layer across the entire network. Security teams set the business intent. The agents handle everything below it.

At the center of the platform is a proprietary Network Knowledge Graph, a live, relational model of the customer’s actual environment, continuously updated with topology, traffic flows, asset dependencies, and real-time configuration data. This is what separates Check Point’s agents from generic AI applied to security problems. Rather than reasoning over static training data, agents reason over the customer’s actual network as it exists right now, grounding every decision in the customer’s specific reality.

The platform’s semantic intelligence layer goes further, interpreting not just the syntax of existing firewall policies but the business intent behind them, including rules created years or decades ago. Once that intent is understood, agents act on it autonomously across four core capabilities:

  • Intent-to-Policy translates natural language business requirements into hardened, risk-validated firewall rules across multi-vendor environments.
  • Zero Trust and Policy Tightening continuously analyses active traffic to identify shadow access and over-permissive configurations, autonomously applying validated tightening recommendations without risking connectivity breaks.
  • Autonomous Troubleshooting conducts multi-step reasoning across topology, policy history, and logs to diagnose failures autonomously, reducing mean time to resolution from hours to minutes.
  • Continuous Compliance maps every rule and configuration change to DORA, PCI-DSS, and NIST in real time, replacing annual audit fire drills with continuous automated enforcement.

Security teams retain authority at the intent level, approving high-impact changes before execution, with full visibility into every agent’s action through a complete execution trace. Underlying the platform are agent skills fine-tuned on more than 30 years of operational expertise protecting over 100,000 organisations, spanning the edge cases and configuration complexity that generic models have never encountered.

Accelerating the Roadmap: The Acquisition of Deepchecks’s Team and Intellectual Property
As part of the commitment to deliver on the Agentic Network Security Orchestration roadmap, Check Point has signed a definitive agreement to acquire the team and intellectual property of Deepchecks, a production-grade platform that unifies evaluation, observability, testing, and monitoring, giving teams the visibility and control needed to trust agents in production. The team is comprised of LLM experts, graduates of the prestigious Talpiot technological excellence program. Deepchecks’ talent and intellectual property will significantly accelerate the execution of the Agentic Network Security Orchestration roadmap.

Availability
Check Point’s Agentic Security Management capabilities are available today – Policy Auditor prevents policy drift, Policy Insights drives zero-trust tightening, and AI Assist accelerates daily admin tasks. Playblocks Agents is available through our Early Availability program, with a broader customer preview introducing more agents, skills, and multi-vendor support launching in H2 2026.

WTF? CISA Admin Leaked AWS GovCloud Keys on Github 

Posted in Commentary on May 19, 2026 by itnerd

A newly uncovered GitHub exposure involving a CISA contractor leaked privileged AWS GovCloud credentials, plaintext passwords, and internal DevSecOps infrastructure details in what researchers are calling one of the most severe public-sector secret leaks in recent memory.

Dan Moore, Sr. Director, CIAM Strategy & Identity Standards at FusionAuth had this comment:

“A public GitHub repo sat open for six months. AWS GovCloud admin keys. Plaintext passwords. The works.

Researchers at Seralys and KrebsOnSecurity flagged it to CISA and were ignored. When the repo finally came down, the AWS keys stayed live for another 48 hours.

The hygiene failure created the exposure. Ignoring responsible disclosures extended it. But the static, long-lived credentials are the architectural problem that underlies both of those issues. An exposed static secret stays leaked until someone manually kills it. That’s a design error, not a simple mistake.”

This is an epic #fail by a group that should know better. Seriously, heads need to roll over this.

TELUS investing $66 billion in Canada through 2030

Posted in Commentary on May 19, 2026 by itnerd

TELUS is investing more than $66 billion over the next five years to expand and enhance its network infrastructure and operations across Canada. As the country seeks to attract more investment to stimulate growth, TELUS’ commitment to Canada’s future will help fuel homegrown innovation and support the prosperity of urban and rural communities. This investment builds on an impressive track record, with TELUS investing billions in technology and operations to boost productivity and support a robust national economy.

Now through 2030 in Canada, TELUS is:

Advancing Canada’s Tech & AI Sovereignty

  • Expanding on their $2-billion investment to bring the speed and connectivity of TELUS PureFibre to regions of Ontario and Quebec that haven’t seen the benefit and scale of this investment to-date, stimulating job growth, accelerating innovation and enhancing productivity
  • Building more than 160 new cell towers in partnership with Terrion and deploying targeted enhancements to their 5G and LTE services at more than 1,000 existing sites nationwide this year – significantly increasing wireless coverage and capacity to meet the evolving needs of their customers and communities, now and into the future
  • Strengthening Canada’s AI infrastructure to meet surging demand for advanced compute power through the TELUS Sovereign AI Factory – officially ranked as the fastest and most powerful supercomputer in Canada by TOP500. Their Rimouski, Quebec facility sold out following its September 2025 launch and they are now expanding their compute inventory to meet continued demand.
  • Delivering one of the world’s most powerful and sustainable AI infrastructure clusters with three world-class facilities in British Columbia, selected by the Government of Canada as the first project to advance under the federal Enabling Large-Scale Sovereign AI Data Centres initiative. Their AI factory in Kamloops, British Columbia, will come online later this year and they will develop two new Vancouver facilities to empower Canadian businesses, researchers, public sector and Indigenous organizations with access to cutting-edge Canadian-controlled compute – ensuring every piece of data, computation, and breakthrough remains within Canadian borders.
  • TELUS Digital is advancing Canada’s sovereign AI capabilities through Fuel iX, a platform enabling Canadian companies to deploy secure, domestically controlled AI assistants. Building on industry-leading safety practices, Fuel iX Fortify addresses Canada’s stringent AI security and safety requirements through automated purple teaming and rigorous testing protocols, helping organizations confidently integrate AI while maintaining control over their data and systems
  • Deepening their commitment to rural and Indigenous connectivity by investing more than $3.3 million to expand broadband and wireless networks to more than 12,000 households through 2026

Pioneering Environmental Sustainability & Purpose-Built Housing

  • Advancing their journey to net-zero as part of their world-leading copper retirement program, they continue to support the circular economy by reclaiming and repurposing legacy copper networks, helping meet Canada’s need for this important resource. To date, they have mined more than 4,600 tonnes of copper from their network and enabled a reduction of 9,300 tonnes of GHG emissions – equal to removing nearly 2,000 cars from roads for a year
  • Strengthening Canada’s food sovereignty and global leadership in sustainable production through TELUS Agriculture & Consumer Goods. By expanding their Decisive Farming agronomy services in underserved rural areas and supporting Canada’s cattle producers, they’re helping farmers produce more with less. These efforts ensure a safe, affordable and efficient food supply for Canadians while delivering a critical reduction of up to 500,000 tonnes in GHG emissions by 2030
  • Addressing the increasing demand for housing availability and attainability by redeveloping their central office buildings into purpose-built residential rental developments under the TELUS Living initiative 

Fostering Healthy, Connected Communities

  • Further bridging digital and health divides through TELUS Internet, Mobility, Tech and Health for Good, and continuing to empower Canadians to stay safe online through TELUS Wise. Since inception, these initiatives have enhanced access to connectivity and healthcare for over 1.6 million people across Canada, while helping them remain safe in their digital world
  • Helping remove barriers for youth and empowering them to reach their full potential. Since 2005, the TELUS Friendly Future Foundation and their 21 TELUS Community Boards have directed over $150 million in grants to more than 11,500 health and education-focused charitable initiatives that support youth and 2,000 TELUS Student Bursaries for post-secondary students facing financial barriers
  • Helping organizations create healthier, more productive workforces through TELUS Health’s global leadership in healthcare access and technology innovations, supporting more than 170 million lives around the world, in collaboration with both Canadian and global-leading organizations
  • Strengthening community connections through authentic storytelling and contributing to a more inclusive creative ecosystem across Canada by investing over $40 million to amplify locally reflective stories and support creators and filmmakers across Canada through grants, production funding, training, mentorship and distribution across national platforms through TELUS’ three content funding programs: TELUS STORYHIVE, TELUS originals and maCommunauté
  • Fostering community connection through strategic partnerships with leading sports organizations including Hockey Canada, Canada Soccer, CF Montréal, CFL and the Canadian Premier League

Additionally, since 2000, TELUS, their team members and retirees have provided $1.85 billion in cash, in-kind contributions, time and programs, including 2.5 million days of volunteerism to communities in Canada and around the world.

These investments are consistent with TELUS’ capital expenditure guidance for 2026 as disclosed in the company’s fourth quarter 2025 results and 2026 targets news release dated February 12, 2026 and in the company’s first quarter 2026 results news release dated May 8, 2026.

TELUS also embraces tax morality as a means of further investing in communities. Since 2000, and as of the end of 2025, TELUS has paid approximately $65 billion in total tax and spectrum remittances to federal, provincial and municipal governments across Canada, consisting of corporate income taxes, sales taxes, property taxes, employer portion of payroll taxes, various regulatory fees and spectrum remittances, including more than $2.6 billion in taxes in 2025 alone. These funds support public works projects, education, healthcare, cultural pursuits and other initiatives that improve the social and economic well-being of communities.

Liquibase Financial Services Playbook Offers New Findings, Best Practices to Let FinServs Protect Data and Navigate the Mythos-Class Threat Age

Posted in Commentary on May 19, 2026 by itnerd

Liquibase today announced The Financial Services Playbook for Governed Database Change, a new executive guide designed to help financial institutions modernize and secure one of the last major control gaps in enterprise technology delivery: database change.

Built for CIOs, CTOs, platform engineering leaders, database architects, and compliance teams, the playbook examines how banks, insurers, payment processors, fintechs, and capital markets firms continue to face a growing governance gap between highly automated application delivery pipelines and still-manual database change processes.

Field research for the Playbook was conducted across hundreds of financial services engagements spanning enterprise banks, regional institutions, credit unions, global insurers, payment processors, fintechs, and capital markets firms.

Among key findings:

  • The problem is universal. Manual database change execution is the industry baseline, not a maturity problem at lagging organizations.
  • Compliance is the accelerant. SOX, PCI DSS, SOC 2, and DORA are driving purchase decisions. When auditors flag deficiencies, budget materializes.
  • The DBA bottleneck is structural. Executive mandates to remove DBA involvement from routine changes are appearing at the largest institutions.
  • The proven path is pilot, platform, enterprise. Start with two to five applications, build the pipeline through platform engineering, then scale.
  • Multi-database reality is the baseline. Oracle, SQL Server, PostgreSQL, Snowflake, DynamoDB, Databricks. Partial coverage is not governance.

Organizations that close this gap deliberately will set the standard. The rest will be forced to catch up by their auditors, their regulators, or a production incident.

Drawing on field research from hundreds of financial services engagements, the playbook argues that manual database change execution remains the industry norm, even at highly mature institutions. It outlines how mounting regulatory scrutiny from frameworks including SOX, PCI DSS 4.0, SOC 2, DORA, and emerging operational resilience requirements is accelerating demand for governed database delivery pipelines.

The playbook also addresses a growing concern around AI adoption in software delivery.

Liquibase recently explored that emerging threat in its analysis: Banks Focus on AI Models. Mythos Class Attackers Focus on Your Databases.

Rather than focusing narrowly on tooling, the playbook walks readers through the operational realities financial institutions face today, including DBA bottlenecks, fragmented deployment tooling, audit evidence reconstruction, schema drift, and growing separation-of-duties concerns.

The guide also details a practical maturity path for organizations seeking to modernize database governance.

  • The governance gap: why database delivery remains structurally different from application delivery
  • How governance failures create operational, audit, and regulatory exposure
  • The evolving role of DBAs, platform engineering, and compliance teams
  • An eight-principle target operating model for governed database change
  • A phased rollout strategy covering pilot, platform, and enterprise adoption
  • A framework for evaluating build-versus-buy governance approaches
  • Metrics financial leaders can use to justify modernization investments
  • The impact of AI-generated SQL and hybrid cloud database environments on governance strategy

TL;DR: FinServ Operational Resilience Is At Risk

Manual database change execution is throttling data security and is the FinServ industry baseline, not a maturity problem at slow-adopter organizations.

Organizations that embed governance directly into database delivery pipelines now will gain operational resilience and regulatory advantages. Institutions that delay modernization risk being forced into reactive remediation by data loss or corruption incidents, by audit pressures, and by competitive market forces.

The executive summary of The Financial Services Playbook for Governed Database Change is available now from Liquibase: https://www.liquibase.com/resources/ebooks/financial-services-playbook-for-governed-database-change

81% of Enterprise Technology Leaders Report Production Failures from AI-Generated Code, New Research Shows

Posted in Commentary on May 19, 2026 by itnerd

CloudBees today released the State of Code Abundance 2026, finding that AI-generated code is straining the enterprise systems built to deliver it, revealing a widening gap between confidence in AI-readiness and operational reality. 

The survey of more than 200 enterprise technology leaders reveals rising infrastructure costs, weak governance frameworks, and mounting operational risk, with 81% reporting production failures tied to AI-generated code. Meanwhile, “token anxiety” is emerging as finance teams struggle to forecast AI spend quarter to quarter. The pattern mirrors the early days of cloud adoption, when limited visibility and control left enterprises exposed to runaway costs.

More Code Isn’t Translating Into Business Value

AI is now deeply embedded in enterprise software development, with 64% of leaders saying it is widely adopted or fully integrated into engineering workflows. But increased code output has not translated into clear business impact, leaving organizations struggling to connect AI-driven development to measurable ROI. 

CloudBees’ findings reflect broader industry trends: external research shows that despite 75% of developers using AI coding tools, most organizations report no measurable improvement in business results.

Key findings include:

  • Code volume surges: 67% of enterprise technology leaders report a significant increase in code volume over the past 12 months, while 52% cite higher development output in features and pull requests. 
  • Value realization lags: Despite this surge, 36% of organizations track AI spend without measuring ROI or don’t measure ROI at all.
  • Attribution gap persists: Organizations rate themselves highly on ROI measurement confidence (51% very confident), yet only 31% of AI spend can be attributed to specific business outcomes.

Token Anxiety Emerges as the New Cloud Anxiety

AI-related costs are escalating across multiple layers, not just in token consumption, but in the downstream expenses building across testing, infrastructure, and security.

Additional key findings include:

  • Infrastructure costs are climbing: 54% report a significant increase in CI/CD infrastructure spend over the past 12 months, while 53% say testing, security scanning, and deployment costs have risen alongside growing code volume. 
  • Cost management remains reactive: Only 27% of organizations have set hard limits or quotas on token usage, and just 18% have implemented automated controls.
  • Budget forecasting remains unresolved: Only 45% describe their AI spend as very predictable quarter-to-quarter.

AI Velocity Is Outpacing Enterprise Governance

AI is compressing the time between code creation and deployment, but governance, validation, and accountability frameworks are not keeping pace. When no human fully engages in the cognitive process of building, ownership of failures becomes harder to assign. 

For example: 

  • Production issues rise as governance lags: 81% have experienced an increase in production issues attributable to AI-generated code.
  • Validation can’t keep up with volume: 70% now view test suite maintenance as a bigger burden than writing code itself, as AI generates more code than teams can effectively validate.
  • Accountability defaults upwards: 46% say the CTO or VP of Engineering is ultimately accountable for AI-related failures, while only 12% report having a dedicated governance function in place.

CloudBees Introduces Proprietary CARE Index to Measure Enterprise AI Readiness

As part of this research, CloudBees introduces the Code Abundance Readiness Evaluation (CARE) Index, a proprietary composite score designed to assess how effectively enterprises can track, attribute, and forecast AI-driven costs against productivity outcomes. Based on six dimensions of operational readiness, the CARE Index establishes an industry baseline for AI governance maturity and will serve as a recurring benchmark for measuring enterprise progress year-over-year.

The 2026 industry baseline: 83.6/100 — reflecting strong self-reported confidence in AI readiness across enterprises. However, when measured against operational data, a significant gap emerges between perceived preparedness and actual capability.

The index reveals:

  • High confidence, low attribution: Organizations score highest on ROI measurement confidence (51% very confident), yet only 31% of AI spend can be attributed to specific business outcomes.
  • Visibility without predictability: Cost visibility ranks among leaders’ highest self-reported CARE scores (54% report very clear visibility), yet only 45% describe their AI spend as highly predictable quarter-to-quarter.

The State of Code Abundance 2026 was unveiled at Agentic DevOps World 2026, a virtual summit hosted by CloudBees bringing together CIOs, CTOs and VPs of Engineering to address the growing challenges of governance, cost visibility and delivery confidence at scale.

Methodology: The study was conducted by independent research agency TrendCandy on behalf of CloudBees and included 213 enterprise technology leaders. The margin of error is +/-8% at the 95% confidence level.